How to Export Certificates and Private Key From a PKCS#12 File with OpenSSL?

1 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 5 (1 votes, average: 5.00 out of 5, rated)
Loading...
Export Certificates and Private Key From PKCS

Exporting certificates and private keys from a PKCS#12 (p12 or .pfx) file can be daunting, especially if you are not a tech professional. If you are one of such people who wants to export the certs and keys but aren’t aware of the know-how, don’t – fret!

To assist and help you out in executing this daunting task, we have mentioned step-by-step instructions in this article. All that’s left for you is to follow those instructions carefully.

But before performing the steps, let’s first comprehend what PKCS#12 file and OpenSSL are. Doing so will broaden your knowledge and aid you in apprehending the process in a better way.

What is PKCS#12 File?

A PKCS#12 file is a type of file used to store private keys with accompanying X.509 certificates. It may be protected with a password-based symmetric key. A PKCS#12, a.k.a., p12 or .pfx file is commonly used for secure backup and transfer of certificates and private keys.

Recommended: How to Generate PFX File or P12 File Using OpenSSL?

What is OpenSSL?

OpenSSL is an open-source software library or tool. It provides cryptographic functions and protocols employed to shield communication over the web.

Recommended: What is OpenSSL? Useful OpenSSL Commands to Work with SSL Certificates

This tool is widely employed to implement a secure socket layer protocol that ensures data encryption and authentication between – a client (browser) and a server. It also offers “n” number of cryptographic algorithms, along with encryption, decryption, digital signatures, and certificate management.

How to Export Private Key From a PKCS#12 File with OpenSSL?

Follow the steps mentioned below to export the private key from a PKCS#12 file with OpenSSL:

Prerequisite: Verify that the OpenSSL library is installed on the server that possesses the SSL cert.

  • Initiate OpenSSL from the OpenSSL\bin folder.
  • Open the command prompt.
  • Navigate to the folder that contains the .pfx (PKCS#12) file.
  • Type the openssl pkcs12 -in [yourfile.pfx] -nocerts -out [drlive.key] command to export the private key.
  • A prompt will appear.
  • Type the import password you used to protect the key pair when creating the .pfx file.
  • A new prompt will appear.
  • Type a new password to protect the .key file that you are making.

How to Export Certificate From a PKCS#12 File with OpenSSL?

Follow the steps mentioned below to export the certificate from a PKCS#12 file with OpenSSL:

  • Initiate OpenSSL from the OpenSSL\bin folder.
  • Open the command prompt.
  • Navigate to the folder that contains the .pfx (PKCS#12) file.
  • Type the openssl pkcs12 -in [yourfile.pfx] -clcerts -nokeys -out [drlive.crt] command to export the certificate.

How to Decrypt the Private Key?

Follow the steps mentioned below to decrypt the private key:

  • Initiate OpenSSL from the OpenSSL\bin folder.
  • Open the command prompt.
  • Navigate to the folder that contains the .pfx (PKCS#12) file.
  • Type the openssl rsa -in [drlive.key] -out [drlive-decrypted.key] command.

Extracting the certificates and private keys from a PKCS#12 file with OpenSSL was easy, right? This is what you all needed to do!

Related posts:

  1. How to Generate CSR on Microsoft Exchange Server
  2. How to Generate CSR on Microsoft Azure App Services?
  3. How to Generate CSR on Heroku?
  4. How to Generate CSR For Joomla?
<?xml version="1.0" encoding="UTF-8"?><svg id="Layer_1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 109.7 29.02"><defs><style>.cls-1{fill:#fff;}</style></defs><path class="cls-1" d="m5.38,22.85c-3.1-.26-5.3-1.92-5.38-4.8h3.6c.1,1.1.67,1.85,1.78,2.09v-4.58c-2.47-.62-5.38-1.32-5.38-4.87,0-2.83,2.26-4.68,5.38-4.92v-1.94h1.54v1.94c3,.24,5.02,1.85,5.23,4.7h-3.62c-.1-.94-.67-1.66-1.61-1.94v4.54c2.5.65,5.42,1.3,5.42,4.85,0,2.45-1.92,4.73-5.42,4.97v1.94h-1.54v-1.97Zm0-10.25v-4.15c-1.1.17-1.87.84-1.87,2.06,0,1.13.77,1.7,1.87,2.09Zm1.54,3.38v4.2c1.22-.22,1.94-1.06,1.94-2.14s-.82-1.68-1.94-2.06Z"/><path class="cls-1" d="m17.62,8.33h-2.33v-3.1h5.78v17.5h-3.46v-14.4Z"/><path class="cls-1" d="m28.27,17.81c.26,1.39,1.15,2.18,2.71,2.18,1.97,0,2.83-1.46,2.83-5.4-.74,1.03-2.16,1.63-3.7,1.63-3.02,0-5.45-1.9-5.45-5.59,0-3.5,2.21-5.81,5.91-5.81,4.75,0,6.22,3.22,6.22,8.76,0,5.95-1.32,9.17-5.95,9.17-3.72,0-5.5-2.38-5.69-4.94h3.12Zm5.23-7.15c0-1.92-1.1-2.98-2.81-2.98s-2.81,1.18-2.81,2.93c0,1.58.89,2.88,2.93,2.88,1.68,0,2.69-1.13,2.69-2.83Z"/><path class="cls-1" d="m41.28,22.9c-1.22,0-2.09-.86-2.09-1.97s.86-1.97,2.09-1.97,2.04.86,2.04,1.97-.86,1.97-2.04,1.97Z"/><path class="cls-1" d="m49.54,17.81c.26,1.39,1.15,2.18,2.71,2.18,1.97,0,2.83-1.46,2.83-5.4-.74,1.03-2.16,1.63-3.7,1.63-3.02,0-5.45-1.9-5.45-5.59,0-3.5,2.21-5.81,5.91-5.81,4.75,0,6.22,3.22,6.22,8.76,0,5.95-1.32,9.17-5.95,9.17-3.72,0-5.5-2.38-5.69-4.94h3.12Zm5.23-7.15c0-1.92-1.1-2.98-2.81-2.98s-2.81,1.18-2.81,2.93c0,1.58.89,2.88,2.93,2.88,1.68,0,2.69-1.13,2.69-2.83Z"/><path class="cls-1" d="m64.56,17.81c.26,1.39,1.15,2.18,2.71,2.18,1.97,0,2.83-1.46,2.83-5.4-.74,1.03-2.16,1.63-3.7,1.63-3.02,0-5.45-1.9-5.45-5.59,0-3.5,2.21-5.81,5.9-5.81,4.75,0,6.22,3.22,6.22,8.76,0,5.95-1.32,9.17-5.95,9.17-3.72,0-5.5-2.38-5.69-4.94h3.12Zm5.23-7.15c0-1.92-1.1-2.98-2.81-2.98s-2.81,1.18-2.81,2.93c0,1.58.89,2.88,2.93,2.88,1.68,0,2.69-1.13,2.69-2.83Z"/><path class="cls-1" d="m81.79,0h3.29l-6.48,27.07h-3.29L81.79,0Z"/><path class="cls-1" d="m96.89,9.43h3.58l-8.23,19.59h-3.58l2.88-6.62-5.33-12.96h3.77l3.43,9.29,3.48-9.29Z"/><path class="cls-1" d="m105.62,22.73h-3.36v-13.3h3.36v2.06c.84-1.37,2.23-2.26,4.08-2.26v3.53h-.89c-1.99,0-3.19.77-3.19,3.34v6.62Z"/></svg>