You’ve been handed a PFX file and asked to get the .key file (the private key) and a new cert bundle (.crt) out of it.

  1. Install OpenSSL on your Windows/Linux box.
  2. Get the private key out first: `openssl pkcs12 -in my_cert_bundle.pfx -nocerts -out mycert.key`. You will be prompted for the PFX password (if one was provided). Once you get past that, you will be prompted for a pass phrase that protects the extracted key (choose something between 4 and 12 letters). You must provide one; OpenSSL won’t let you continue without it.
  3. Get the certs out next: `openssl pkcs12 -in my_cert_bundle.pfx -nokeys -nodes -cacerts -out mycert-bundle.crt`

Example: To be used in a web server (e.g. Apache httpd)

<VirtualHost 192.168.0.1:443>
  ...
  SSLEngine              on
  SSLCertificateFile     /etc/pki/tls/certs/mycert.crt
  SSLCACertificateFile   /etc/pki/tls/certs/mycert-bundle.crt
  SSLCertificateKeyFile  /etc/pki/tls/private/mycert.key
  ...
</VirtualHost>
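The config above also references mycert.crt (the server certificate), which the `-cacerts` command does not produce, and nothing so far confirms that the key and certificate belong together. The script below is an added example, not part of the original post: it extracts all three files non-interactively, keeps the key file private, and compares public keys. The environment variable names `PFX_PASS` and `KEY_PASS`, the function names, and the throwaway test PFX are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original post). PFX_PASS and KEY_PASS are
# assumed environment variable names; file names follow the page.

# extract_pfx <pfx> <outdir>: write mycert.key, mycert.crt, mycert-bundle.crt
extract_pfx() {
    pfx=$1; out=$2
    # umask in a subshell so the key is created 0600, never world-readable
    ( umask 077
      openssl pkcs12 -in "$pfx" -nocerts -passin env:PFX_PASS \
          -passout env:KEY_PASS -out "$out/mycert.key" ) || return 1
    # -clcerts = the server (leaf) certificate, -cacerts = the issuing chain
    openssl pkcs12 -in "$pfx" -nokeys -clcerts -passin env:PFX_PASS \
        -out "$out/mycert.crt" || return 1
    openssl pkcs12 -in "$pfx" -nokeys -cacerts -passin env:PFX_PASS \
        -out "$out/mycert-bundle.crt" || return 1
}

# key_matches_cert <key> <crt>: 0 if both carry the same public key
key_matches_cert() {
    k=$(openssl pkey -in "$1" -passin env:KEY_PASS -pubout) || return 2
    c=$(openssl x509 -in "$2" -noout -pubkey) || return 2
    [ "$k" = "$c" ]
}

# make_test_pfx <dir>: constructed throwaway CA + leaf, for offline runs only
make_test_pfx() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Test CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=test.example" \
        -keyout "$d/src.key" -out "$d/src.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/src.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -set_serial 1 -days 1 -out "$d/src.crt" 2>/dev/null || return 1
    openssl pkcs12 -export -inkey "$d/src.key" -in "$d/src.crt" \
        -certfile "$d/ca.crt" -passout env:PFX_PASS \
        -out "$d/my_cert_bundle.pfx"
}

# Demo run on the constructed PFX (passwords are sample values)
export PFX_PASS='constructed-pfx-pass' KEY_PASS='constructed-key-pass'
work=$(mktemp -d) && make_test_pfx "$work" \
    && extract_pfx "$work/my_cert_bundle.pfx" "$work" \
    && key_matches_cert "$work/mycert.key" "$work/mycert.crt" \
    && echo "key and certificate match; files in $work"
```

Because mycert.key stays pass-phrase encrypted, httpd needs that pass phrase at startup (see the `SSLPassPhraseDialog` directive).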

Anuj holds professional certifications in Google Cloud, AWS as well as certifications in Docker and App Performance Tools such as New Relic. He specializes in Cloud Security, Data Encryption and Container Technologies.


Anuj Varma – who has written posts on Anuj Varma, Hands-On Technology Architect, Clean Air Activist.