Sometimes you will have an existing PFX file that you want to convert to PEM format. Usually this is due to specific server requirements.
To convert PFX to PEM:
- Extract the private key. You will need the password that was set when the PFX was exported:
Linux
$ openssl pkcs12 -in [yourfile.pfx] -nocerts -out [keyfile-encrypted.key]
$ openssl pkcs12 -in [yourfile.pfx] -nocerts -nodes -out [keyfile-encrypted.key] # use this command if the first command generates an empty key file; -nodes writes the key unencrypted
Windows
C:\xampp\apache\bin\openssl pkcs12 -in [yourfile.pfx] -nocerts -out [keyfile-encrypted.key]
REM Use the next command if the first command generates an empty key file; -nodes writes the key unencrypted.
C:\xampp\apache\bin\openssl pkcs12 -in [yourfile.pfx] -nocerts -nodes -out [keyfile-encrypted.key]
- Convert the encrypted key to an unencrypted key:
Linux
$ openssl rsa -in [keyfile-encrypted.key] -out server.key
Windows
C:\xampp\apache\bin\openssl rsa -in [keyfile-encrypted.key] -out server.key
- Extract the server certificate and convert to PEM format:
Linux
$ openssl pkcs12 -in [yourfile.pfx] -clcerts -nokeys -out server.crt
Windows
C:\xampp\apache\bin\openssl pkcs12 -in [yourfile.pfx] -clcerts -nokeys -out server.crt
- Extract the server certificate chain:
Linux
$ openssl pkcs12 -in [yourfile.pfx] -cacerts -nokeys -out [server-ca.crt]
Windows
C:\xampp\apache\bin\openssl pkcs12 -in [yourfile.pfx] -cacerts -nokeys -out [server-ca.crt]
- (optional) If your file is in p7b format, extract the server certificate and convert it to PEM format:
Linux
$ openssl pkcs7 -print_certs -in [yourfile.p7b] -out server.crt
Windows
C:\xampp\apache\bin\openssl pkcs7 -print_certs -in [yourfile.p7b] -out server.crt
Now you can use the server.crt, server-ca.crt and server.key files appropriately.
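A non-interactive version of the key and server-certificate steps above, followed by a check that server.key and server.crt belong together, as an added example that is not part of the original page. The environment variable names PFX_PASS and PEM_PASS, the output file names and the self-signed test PFX built in demo are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Names below are assumptions.

# pfx_to_pem PFX OUTDIR: the key and certificate steps, without prompts.
# Pass phrases are read from the environment (env:), not from the command line.
pfx_to_pem() {
    pfx=$1; out=$2
    (
        umask 077   # server.key is written unencrypted: owner-only access
        openssl pkcs12 -in "$pfx" -nocerts -out "$out/encrypted.key" \
            -passin env:PFX_PASS -passout env:PEM_PASS &&
        openssl rsa -in "$out/encrypted.key" -out "$out/server.key" \
            -passin env:PEM_PASS &&
        rm -f "$out/encrypted.key" &&
        openssl pkcs12 -in "$pfx" -clcerts -nokeys -out "$out/server.crt" \
            -passin env:PFX_PASS
    )
}

# key_matches_cert KEY CERT: succeed only if both hold the same public key.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# make_test_pfx DIR NAME: constructed self-signed key + cert packed as a PFX.
make_test_pfx() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2.test" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/$2.key" -in "$1/$2.crt" \
        -out "$1/$2.pfx" -passout env:PFX_PASS
}

# demo: convert two constructed PFX files; the matching pair must pass and a
# key taken from the other PFX must be rejected.
demo() {
    export PFX_PASS='constructed-export-pass' PEM_PASS='constructed-pem-pass'
    d=$(mktemp -d) || return 1
    mkdir "$d/a" "$d/b"
    make_test_pfx "$d" a && make_test_pfx "$d" b &&
    pfx_to_pem "$d/a.pfx" "$d/a" && pfx_to_pem "$d/b.pfx" "$d/b" &&
    key_matches_cert "$d/a/server.key" "$d/a/server.crt" &&
    ! key_matches_cert "$d/b/server.key" "$d/a/server.crt"
    rc=$?
    rm -rf "$d"
    return $rc
}
case "${1:-}" in demo) demo && echo "key and certificate match" ;; esac
```

Run the script with the argument demo to exercise it against the constructed PFX files; for a real file, export PFX_PASS and PEM_PASS and call pfx_to_pem and key_matches_cert directly.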