Converting PFX certificates on Linux

by on
  • linux
  • technical

While most certificate vendors provide certificates in both PFX format and PEM, most customers seem to send me their certificate in PFX format. Maybe because that way the private key is usually encrypted, or maybe they’re used to that format for their Windows machines.

Converting using OpenSSL

The openssl command makes it easy to convert PFX files. It may ask you for the password if the private key was encrypted.

Export only the private key to a file named key.pem:

openssl pkcs12 -in cert.pfx -nocerts -out key.pem -nodes

Export only the public certificates to a file named cert.pem:

openssl pkcs12 -in cert.pfx -nokeys -out cert.pem

Export both public and private keys to bundle.pem:

openssl pkcs12 -in cert.pfx -out bundle.pem -nodes