How to Export Certificates and Private Key From a PKCS#12 File with OpenSSL?

1 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 5 (1 votes, average: 5.00 out of 5, rated)
Loading...
Export Certificates and Private Key From PKCS

Exporting certificates and private keys from a PKCS#12 (p12 or .pfx) file can be daunting, especially if you are not a tech professional. If you are one of such people who wants to export the certs and keys but aren’t aware of the know-how, don’t – fret!

To assist and help you out in executing this daunting task, we have mentioned step-by-step instructions in this article. All that’s left for you is to follow those instructions carefully.

But before performing the steps, let’s first comprehend what PKCS#12 file and OpenSSL are. Doing so will broaden your knowledge and aid you in apprehending the process in a better way.

What is PKCS#12 File?

A PKCS#12 file is a type of file used to store private keys with accompanying X.509 certificates. It may be protected with a password-based symmetric key. A PKCS#12, a.k.a., p12 or .pfx file is commonly used for secure backup and transfer of certificates and private keys.

Recommended: How to Generate PFX File or P12 File Using OpenSSL?

What is OpenSSL?

OpenSSL is an open-source software library or tool. It provides cryptographic functions and protocols employed to shield communication over the web.

Recommended: What is OpenSSL? Useful OpenSSL Commands to Work with SSL Certificates

This tool is widely employed to implement a secure socket layer protocol that ensures data encryption and authentication between – a client (browser) and a server. It also offers “n” number of cryptographic algorithms, along with encryption, decryption, digital signatures, and certificate management.

How to Export Private Key From a PKCS#12 File with OpenSSL?

Follow the steps mentioned below to export the private key from a PKCS#12 file with OpenSSL:

Prerequisite: Verify that the OpenSSL library is installed on the server that possesses the SSL cert.

  • Initiate OpenSSL from the OpenSSL\bin folder.
  • Open the command prompt.
  • Navigate to the folder that contains the .pfx (PKCS#12) file.
  • Type the openssl pkcs12 -in [yourfile.pfx] -nocerts -out [drlive.key] command to export the private key.
  • A prompt will appear.
  • Type the import password you used to protect the key pair when creating the .pfx file.
  • A new prompt will appear.
  • Type a new password to protect the .key file that you are making.

How to Export Certificate From a PKCS#12 File with OpenSSL?

Follow the steps mentioned below to export the certificate from a PKCS#12 file with OpenSSL:

  • Initiate OpenSSL from the OpenSSL\bin folder.
  • Open the command prompt.
  • Navigate to the folder that contains the .pfx (PKCS#12) file.
  • Type the openssl pkcs12 -in [yourfile.pfx] -clcerts -nokeys -out [drlive.crt] command to export the certificate.

How to Decrypt the Private Key?

Follow the steps mentioned below to decrypt the private key:

  • Initiate OpenSSL from the OpenSSL\bin folder.
  • Open the command prompt.
  • Navigate to the folder that contains the .pfx (PKCS#12) file.
  • Type the openssl rsa -in [drlive.key] -out [drlive-decrypted.key] command.

Extracting the certificates and private keys from a PKCS#12 file with OpenSSL was easy, right? This is what you all needed to do!

Buy Cheap SSL Certificates
<?xml version="1.0" encoding="UTF-8"?><svg id="Layer_1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 109.7 29.02"><defs><style>.cls-1{fill:#fff;}</style></defs><path class="cls-1" d="m5.38,22.85c-3.1-.26-5.3-1.92-5.38-4.8h3.6c.1,1.1.67,1.85,1.78,2.09v-4.58c-2.47-.62-5.38-1.32-5.38-4.87,0-2.83,2.26-4.68,5.38-4.92v-1.94h1.54v1.94c3,.24,5.02,1.85,5.23,4.7h-3.62c-.1-.94-.67-1.66-1.61-1.94v4.54c2.5.65,5.42,1.3,5.42,4.85,0,2.45-1.92,4.73-5.42,4.97v1.94h-1.54v-1.97Zm0-10.25v-4.15c-1.1.17-1.87.84-1.87,2.06,0,1.13.77,1.7,1.87,2.09Zm1.54,3.38v4.2c1.22-.22,1.94-1.06,1.94-2.14s-.82-1.68-1.94-2.06Z"/><path class="cls-1" d="m17.62,8.33h-2.33v-3.1h5.78v17.5h-3.46v-14.4Z"/><path class="cls-1" d="m28.27,17.81c.26,1.39,1.15,2.18,2.71,2.18,1.97,0,2.83-1.46,2.83-5.4-.74,1.03-2.16,1.63-3.7,1.63-3.02,0-5.45-1.9-5.45-5.59,0-3.5,2.21-5.81,5.91-5.81,4.75,0,6.22,3.22,6.22,8.76,0,5.95-1.32,9.17-5.95,9.17-3.72,0-5.5-2.38-5.69-4.94h3.12Zm5.23-7.15c0-1.92-1.1-2.98-2.81-2.98s-2.81,1.18-2.81,2.93c0,1.58.89,2.88,2.93,2.88,1.68,0,2.69-1.13,2.69-2.83Z"/><path class="cls-1" d="m41.28,22.9c-1.22,0-2.09-.86-2.09-1.97s.86-1.97,2.09-1.97,2.04.86,2.04,1.97-.86,1.97-2.04,1.97Z"/><path class="cls-1" d="m49.54,17.81c.26,1.39,1.15,2.18,2.71,2.18,1.97,0,2.83-1.46,2.83-5.4-.74,1.03-2.16,1.63-3.7,1.63-3.02,0-5.45-1.9-5.45-5.59,0-3.5,2.21-5.81,5.91-5.81,4.75,0,6.22,3.22,6.22,8.76,0,5.95-1.32,9.17-5.95,9.17-3.72,0-5.5-2.38-5.69-4.94h3.12Zm5.23-7.15c0-1.92-1.1-2.98-2.81-2.98s-2.81,1.18-2.81,2.93c0,1.58.89,2.88,2.93,2.88,1.68,0,2.69-1.13,2.69-2.83Z"/><path class="cls-1" d="m64.56,17.81c.26,1.39,1.15,2.18,2.71,2.18,1.97,0,2.83-1.46,2.83-5.4-.74,1.03-2.16,1.63-3.7,1.63-3.02,0-5.45-1.9-5.45-5.59,0-3.5,2.21-5.81,5.9-5.81,4.75,0,6.22,3.22,6.22,8.76,0,5.95-1.32,9.17-5.95,9.17-3.72,0-5.5-2.38-5.69-4.94h3.12Zm5.23-7.15c0-1.92-1.1-2.98-2.81-2.98s-2.81,1.18-2.81,2.93c0,1.58.89,2.88,2.93,2.88,1.68,0,2.69-1.13,2.69-2.83Z"/><path class="cls-1" d="m81.79,0h3.29l-6.48,27.07h-3.29L81.79,0Z"/><path class="cls-1" d="m96.89,9.43h3.58l-8.23,19.59h-3.58l2.88-6.62-5.33-12.96h3.77l3.43,9.29,3.48-9.29Z"/><path class="cls-1" d="m105.62,22.73h-3.36v-13.3h3.36v2.06c.84-1.37,2.23-2.26,4.08-2.26v3.53h-.89c-1.99,0-3.19.77-3.19,3.34v6.62Z"/></svg>