There may be scenarios when a certificate file and private key file are required, but only a single .pfx file is available. A Microsoft based Windows platform doesn’t provide a way to complete this process.
It is still possible to obtain the required files. By exporting the certificate from the Windows Certificate Store using the Windows MMC into a single .pfx file, separate certificate and private key files can be created from this .pfx file. Below is the process beginning once the .pfx file has been obtained.
- The first step is to copy the exported file (e.g. certname.pfx) to a system where OpenSSL is installed.
NOTE: *.pfx files are in PKCS#12 format and include both the certificate and the private key.
- The following command will export the private key:
openssl pkcs12 -in certname.pfx -nocerts -out key.pem -nodes
- The next command will export the certificate:
openssl pkcs12 -in certname.pfx -nokeys -out cert.pem
- Finally, the last command will remove the passphrase from the private key: (if needed)
openssl rsa -in key.pem -out server.key
Known Issues / Troubleshooting
This section is for the issues that have well defined and tested solutions.