While most certificate vendors provide certificates in both PFX format and PEM, most customers seem to send me their certificate in PFX format. Maybe because that way the private key is usually encrypted, or maybe they’re used to that format for their Windows machines.
Converting using OpenSSL
openssl command makes it easy to convert PFX files.
It may ask you for the password if the private key was encrypted.
Export only the private key to a file named
openssl pkcs12 -in cert.pfx -nocerts -out key.pem -nodes
Export only the public certificates to a file named
openssl pkcs12 -in cert.pfx -nokeys -out cert.pem
Export both public and private keys to
openssl pkcs12 -in cert.pfx -out bundle.pem -nodes