Extracting certificate and private key files from a PFX container

23 May 2024

ID 239064

If the certification authority provided the certificate as a PFX container (PKCS#12 format, file with the PFX or P12 extension), you must extract PEM-encoded certificate and private key files from the container.

You can extract the certificate and private key files using openssl. To extract the files, you will need to enter the passphrase of the PFX container.

To extract the private key file, use the following command:

openssl pkcs12 -in source.pfx -nocerts -nodes -out key.pem

To extract the certificate file, use the following command:

openssl pkcs12 -in source.pfx -clcerts -nokeys -out cert.pem

You will get the following files:

  • key.pem is the PEM-encoded RSA private key file (without a passphrase).
  • cert.pem is the PEM-encoded X.509 certificate file.

You can use the private key and certificate files thus obtained to replace the web interface certificate.

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.