Extracting certificate and private key files from a PFX container

Support

Support for business applications

Kaspersky Secure Mail Gateway

Managing the cluster

Managing the SSL certificate of the cluster node

Extracting certificate and private key files from a PFX container

26 April 2024

ID 239064

If the certification authority provided the certificate as a PFX container (PKCS#12 format, file with the PFX or P12 extension), you must extract PEM-encoded certificate and private key files from the container.

You can extract the certificate and private key files using openssl. To extract the files, you will need to enter the passphrase of the PFX container.

To extract the private key file, use the following command:

openssl pkcs12 -in source.pfx -nocerts -nodes -out key.pem

To extract the certificate file, use the following command:

openssl pkcs12 -in source.pfx -clcerts -nokeys -out cert.pem

You will get the following files:

key.pem is the PEM-encoded RSA private key file (without a passphrase).
cert.pem is the PEM-encoded X.509 certificate file.

You can use the private key and certificate files thus obtained to replace the web interface certificate.

Kaspersky Endpoint Security for Business Advanced: Adaptive security of your company

Web and device controls. Data encryption. Centralized and convenient management from a single console.

Kaspersky Premium Support (MSA): High‑priority incident processing

Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.