How to Export Certificates and Private Key From a PKCS#12 File with OpenSSL?
Exporting certificates and private keys from a PKCS#12 (p12 or .pfx) file can be daunting, especially if you are not a tech professional. If you are one of those people who wants to export the certs and keys but isn’t aware of the know-how, don’t fret!
To assist you in executing this daunting task, we have mentioned step-by-step instructions in this article. All that’s left for you is to follow those instructions carefully.
But before performing the steps, let’s first comprehend the PKCS#12 file and OpenSSL. Doing so will broaden your knowledge and aid you in apprehending the process in a better way.
What is PKCS#12 File?
A PKCS#12 file is a type of file used to store private keys with accompanying X.509 certificates. It may be protected with a password-based symmetric key. A PKCS#12, a.k.a., p12 or .pfx file is commonly used for secure backup and transfer of certificates and private keys.
Recommended: How to Generate PFX File or P12 File Using OpenSSL?
What is OpenSSL?
OpenSSL is an open-source software library or tool. It provides cryptographic functions and protocols employed to shield communication over the web.
Recommended: What is OpenSSL? Useful OpenSSL Commands to Work with SSL Certificates
This tool is widely employed to implement a secure socket layer protocol that ensures data encryption and authentication between – a client (browser) and a server. It also offers “n” number of cryptographic algorithms, along with encryption, decryption, digital signatures, and certificate management.
How to Export Private Key From a PKCS#12 File with OpenSSL?
Follow the steps mentioned below to export the private key from a PKCS#12 file with OpenSSL:
Prerequisite: Verify that the OpenSSL library is installed on the server that possesses the SSL cert.
- Initiate OpenSSL from the OpenSSL\bin folder.
- Open the command prompt.
- Navigate to the folder that contains the .pfx (PKCS#12) file.
- Type the openssl pkcs12 -in [yourfile.pfx] -nocerts -out [drlive.key] command to export the private key.
- A prompt will appear.
- Type the import password you used to protect the key pair when creating the .pfx file.
- A new prompt will appear.
- Type a new password to protect the .key file that you are making.
How to Export Certificate From a PKCS#12 File with OpenSSL?
Follow the steps mentioned below to export the certificate from a PKCS#12 file with OpenSSL:
- Initiate OpenSSL from the OpenSSL\bin folder.
- Open the command prompt.
- Navigate to the folder that contains the .pfx (PKCS#12) file.
- Type the openssl pkcs12 -in [yourfile.pfx] -clcerts -nokeys -out [drlive.crt] command to export the certificate.
How to Decrypt the Private Key?
Follow the steps mentioned below to decrypt the private key:
- Initiate OpenSSL from the OpenSSL\bin folder.
- Open the command prompt.
- Navigate to the folder that contains the .pfx (PKCS#12) file.
- Type the openssl rsa -in [drlive.key] -out [drlive-decrypted.key] command.
Extracting the certificates and private keys from a PKCS#12 file with OpenSSL was easy with these steps!