NEW LOCATION

Olá Brazil Brazil NVMe-powered VPS Plans in Brazil Now Available.

Deploy Instantly
  • +357 2425 0808
  • Login
  • English

Home

Blog

How To Extract Certificates and Private ...

How To Extract Certificates and Private Key from .PFX file

How To Extract Certificates and Private Key from .PFX file

NetShop ISP

NetShop ISP · Blog Author

Nov 19, 2024 · Technical Tutorials

PFX (Personal Information Exchange) is a file format used to store cryptographic information in a single file. One type of information held within a PFX file is SSL Certificate chains along with the Private Key.

In this article we will explain the reasons one may want to extract the certificates from a .PFX file and the exact steps on how to do it using OpenSSL.

Why Extract Certificates from Single .PFX File

Extracting certificates and private keys from a .pfx file can be necessary in various scenarios, particularly when managing SSL/TLS certificates, application deployments, or secure communications.

1. Application Requirements

Some applications or servers require separate files for certificates and private keys instead of a combined .pfx file:

Web Servers
Servers like Apache or Nginx require the private key and certificates to be in PEM format (.key and .crt files).

Load Balancers
Many load balancers such as HAProxy require the certificate chain (.crt) and private key in specific formats.

Mail Servers
Email software like Zimbra often require separate key and certificate files.

2. Compatibility & Migration

A .pfx file (PKCS#12) is mainly used in Windows systems whereas .pem, .crt and .key are using in Linux. For example, in cases when a wildcard SSL certificate is installed on a Windows Server and then a developer wants to install it in Linux, the certificates must be extracted from the .pfx file prior installing them on a Linux environment (web server, proxy, etc).

3. Easy Renewal & Replacement

Extracting the Private Key from a .PFX is useful in cases of SSL renewal, when one needs to quickly issue a renewed certificate, without going through the hassle of CSR generation.

Best Way to Extract Certificates and Private Key from PFX file

OpenSSL is the utility with which we can extract certifcates and private key from a .pfx file.

In Linux systems use the following command to install openssl:

john@localhost:~$ sudo apt install openssl -y

If you are a Windows user, please visit OpenSSL’s Wiki for instructions on how to download and install OpenSSL for Windows.

Case 1: Extract all Certificates and Private Key in Single PEM file

The following command will extract all certificates (end-entity certificate, intermediate, root certificate s) and private key in a single .pem file.

john@localhost:~$ sudo openssl pkcs12 -in yourPFXFile.pfx -out yourExtractedFile.pem -nodes

Case 2: Extract all Certificates and Private Key in Individual Files

In case you want to have each certificate (end-entity, intermediate, root, private key) in separate files, use the following commands:

Extract the private key:

john@localhost:~$ sudo openssl pkcs12 -in yourPFXFile.pfx -nocerts -nodes -out yourExtractedKey.pem

Extract the end-entity certificate:

john@localhost:~$ sudo openssl pkcs12 -in yourPFXFile.pfx -clcerts -nokeys -out yourExtractedEntityCert.pem

Extract the intermediate and root (if any) certificates:

john@localhost:~$ sudo openssl pkcs12 -in yourPFXFile.pfx -cacerts -nokeys -out yourExtractedChain.pem

Congratulations! If you followed the above steps you should have successfully extracted your desired certificates and private key from PFX file.

Press Releases
80

Free VPS Trial

No Credit Card Required.

Recent Posts

NetShop ISP Leads Conversations on AI Trading at Cyprus Fintech Summit 2024

NetShop ISP Leads Conversations on AI Trading at Cyprus Fintech Summit 2024

16 December, 2024

Black Friday & Cyber Monday Offer – 30% Lifetime Discount on VPS Plans

Black Friday & Cyber Monday Offer – 30% Lifetime Discount on VPS Plans

02 December, 2024

How To Install Sendy on Ubuntu 22.04 Server

How To Install Sendy on Ubuntu 22.04 Server

27 November, 2024

How To Extract Certificates and Private Key from .PFX file

How To Extract Certificates and Private Key from .PFX file

19 November, 2024

NetShop ISP CEO Stefano Sordini to Moderate Key Panel on Forex AI Automation at Cyprus Fintech Summit 2024

NetShop ISP CEO Stefano Sordini to Moderate Key Panel on Forex AI Automation at Cyprus Fintech Summit 2024

15 November, 2024

#letushostyou

Award Winning Hosting Provider established in 2004.

120 Faneromenis Avenue, Imperial Tower, 2nd Floor, Larnaca 6031, Cyprus

Products

Bare Metal Servers

Customized Servers

Virtual / Cloud Servers

Forex VPS

Storage VPS

cPanel Web Hosting

Reseller Web Hosting

Colocation

Addons

Premium DNS

Email Hosting

Cloud Backup

DDoS Protection

Licenses

SSL Certificates

Domain Names

Premium SLAs

About Us

Data Center Locations

Looking Glass

Our Company

Contact Us

Careers in Cyprus

Become a Partner

Awards

Certifications

© 2024 S.S. NetShop Internet Services Ltd. All rights reserved.  Terms & Conditions  |  Privacy Policy
CY Reg. Number: HE 217340 | EU VAT Number: CY10217340J

Visa
Mastercard
PayPal
Bitcoin
Tether
Ethereum
Litecoin
Wise
Revolut
Wire Transfer