How to Export Certificates and Private Key From a PKCS#12 File with OpenSSL?

1 Star2 Stars3 Stars4 Stars5 Stars (5 votes, average: 5.00 out of 5)
Loading...
Export Certificates and Private Key From PKCS

Exporting certificates and private keys from a PKCS#12 (p12 or .pfx) file can be daunting, especially if you are not a tech professional. If you are one of those people who wants to export the certs and keys but isn’t aware of the know-how, don’t fret!

To assist you in executing this daunting task, we have mentioned step-by-step instructions in this article. All that’s left for you is to follow those instructions carefully.

But before performing the steps, let’s first comprehend the PKCS#12 file and OpenSSL. Doing so will broaden your knowledge and aid you in apprehending the process in a better way.

Buy Cheap SSL Certificates

What is PKCS#12 File?

A PKCS#12 file is a type of file used to store private keys with accompanying X.509 certificates. It may be protected with a password-based symmetric key. A PKCS#12, a.k.a., p12 or .pfx file is commonly used for secure backup and transfer of certificates and private keys.

Recommended: How to Generate PFX File or P12 File Using OpenSSL?

What is OpenSSL?

OpenSSL is an open-source software library or tool. It provides cryptographic functions and protocols employed to shield communication over the web.

Recommended: What is OpenSSL? Useful OpenSSL Commands to Work with SSL Certificates

This tool is widely employed to implement a secure socket layer protocol that ensures data encryption and authentication between – a client (browser) and a server. It also offers “n” number of cryptographic algorithms, along with encryption, decryption, digital signatures, and certificate management.

How to Export Private Key From a PKCS#12 File with OpenSSL?

Follow the steps mentioned below to export the private key from a PKCS#12 file with OpenSSL:

Prerequisite: Verify that the OpenSSL library is installed on the server that possesses the SSL cert.

  • Initiate OpenSSL from the OpenSSL\bin folder.
  • Open the command prompt.
  • Navigate to the folder that contains the .pfx (PKCS#12) file.
  • Type the openssl pkcs12 -in [yourfile.pfx] -nocerts -out [drlive.key] command to export the private key.
  • A prompt will appear.
  • Type the import password you used to protect the key pair when creating the .pfx file.
  • A new prompt will appear.
  • Type a new password to protect the .key file that you are making.

How to Export Certificate From a PKCS#12 File with OpenSSL?

Follow the steps mentioned below to export the certificate from a PKCS#12 file with OpenSSL:

  • Initiate OpenSSL from the OpenSSL\bin folder.
  • Open the command prompt.
  • Navigate to the folder that contains the .pfx (PKCS#12) file.
  • Type the openssl pkcs12 -in [yourfile.pfx] -clcerts -nokeys -out [drlive.crt] command to export the certificate.

How to Decrypt the Private Key?

Follow the steps mentioned below to decrypt the private key:

  • Initiate OpenSSL from the OpenSSL\bin folder.
  • Open the command prompt.
  • Navigate to the folder that contains the .pfx (PKCS#12) file.
  • Type the openssl rsa -in [drlive.key] -out [drlive-decrypted.key] command.

Extracting the certificates and private keys from a PKCS#12 file with OpenSSL was easy with these steps!