Extracting the Private Key and the Cert Bundle from a PFX file
You’ve been handed a PFX file and asked to get the .key file (the private key) and a new cert bundle (.crt) out of it.
- Step 1 Install OpenSSL on your Windows/Linux box.
- Step 2 Get the private key out first. Run openssl pkcs12 -in my_cert_bundle.pfx -nocerts -out mycert.key and you will be prompted for the PFX import password (if one was set). Once you get past that, you will be prompted for a PEM pass phrase (choose something between 4 and 12 letters). Pick something; OpenSSL won’t let you continue unless you provide one. The key written to mycert.key is encrypted with this pass phrase.
- Step 3 Get the cert out next. Run openssl pkcs12 -in my_cert_bundle.pfx -nokeys -nodes -cacerts -out mycert-bundle.crt. The -cacerts option limits the output to the CA certificates in the PFX.
Example: to be used in a web server (e.g. Apache httpd)
<VirtualHost 192.168.0.1:443>
...
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/mycert.crt
SSLCACertificateFile /etc/pki/tls/certs/mycert-bundle.crt
SSLCertificateKeyFile /etc/pki/tls/private/mycert.key
...
</VirtualHost>
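The steps above as one script, added here as an example and not part of the original post: it builds a throwaway PFX, extracts the key and CA bundle as in Steps 2 and 3, also extracts the server certificate with -clcerts (the mycert.crt that SSLCertificateFile points at), then checks that the key matches the certificate and that the certificate chains to the bundle. Assumptions: openssl is on the PATH, and demo.pfx, the CN values and both pass phrases are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. File names, CNs and pass phrases are constructed for the demo.
set -eu

# Build a throwaway CA and server cert, then pack them into $1/demo.pfx.
make_demo_pfx() (
  d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo CA" \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
    -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null
  openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/srv.crt" 2>/dev/null
  openssl pkcs12 -export -inkey "$d/srv.key" -in "$d/srv.crt" \
    -certfile "$d/ca.crt" -passout env:PFX_PASS -out "$d/demo.pfx"
)

# extract_pfx <pfx> <outdir>: pass phrases come from the environment so they
# do not show up in the process list or shell history.
extract_pfx() (
  umask 077   # files created here are readable by the owner only
  # Step 2: private key, re-encrypted under KEY_PASS
  openssl pkcs12 -in "$1" -passin env:PFX_PASS -nocerts \
    -passout env:KEY_PASS -out "$2/mycert.key"
  # Server certificate: -clcerts selects the cert that belongs to the key
  openssl pkcs12 -in "$1" -passin env:PFX_PASS -nokeys -clcerts -out "$2/mycert.crt"
  # Step 3: CA certificates only
  openssl pkcs12 -in "$1" -passin env:PFX_PASS -nokeys -cacerts -out "$2/mycert-bundle.crt"
)

# True when the private key and the server certificate carry the same public key.
key_matches_cert() (
  k=$(openssl pkey -in "$1/mycert.key" -passin env:KEY_PASS -pubout | openssl sha256)
  c=$(openssl x509 -in "$1/mycert.crt" -noout -pubkey | openssl sha256)
  [ "$k" = "$c" ]
)

# True when the server certificate chains to the extracted CA bundle.
chain_verifies() ( openssl verify -CAfile "$1/mycert-bundle.crt" "$1/mycert.crt" >/dev/null )

export PFX_PASS=import-pw KEY_PASS=key-pw   # constructed demo values
demo=$(mktemp -d)
make_demo_pfx "$demo"
extract_pfx "$demo/demo.pfx" "$demo"
key_matches_cert "$demo" && chain_verifies "$demo" && echo "key, cert and bundle agree"
```

Because mycert.key is encrypted, httpd will ask for the pass phrase at startup unless SSLPassPhraseDialog is configured.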