PKI

How to seamlessly convert PFX encoded certificate file to PEM format using OpenSSL?

Last updated on

Reading time: 3 minutes

What is PKCS #12?

PKCS #12 is an archive file format used for storing multiple cryptography objects in a single file. The filename extension for PKCS #12 files is  .p12 or .pfx

What is a PFX file?

A .pfx file is a bag that can hold many objects with optional password protection; however, a PKCS#12 archive usually contains a certificate and the corresponding private key. The file can also include CA chain certificates as well.

What is a PEM file?

PEM is a base64 encoded certificate placed between the headers —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—–. The following file extensions are possible for PEM certificates:*.pem, *.crt, and *.cer

How to convert PFX file to PEM format?

Scenario 1: Export private key and certificate files from PFX file

The following procedure will convert the PFX-encoded certificate file into two files in PEM format.

  • certconvert.pem â€“ PEM file containing the SSL/TLS certificate for the resource.
  • privatekeyconvert.pem â€“ PEM file containing the private key of the certificate with no password protection.

Prerequisites

We use an OpenSSL toolkit to convert a PFX encoded certificate to PEM format. For testing this scenario, we use a password protected PFX-encoded file – certificatepfx.pfx and a 2048-bit RSA private key.

Commands

For exporting key:

openssl pkcs12 -in certificatepfx.pfx -nocerts -out privatekeyconvert.pem -nodes

Snippet of output

For exporting certificate

openssl pkcs12 -in certificatepfx.pfx -clcerts -nokeys -out certconvert.pem

Snippet of output

Note: Optionally, we can also have CA certificate chain as a part of the PFX file. In order to export it from the PFX file we run the following command:

openssl pkcs12 -in certificate.pfx -cacerts -nokeys -chain -out ca-chain.pem

Scenario 2: Convert PFX file to PEM format

Execute the following command to convert the data in the certificatepfx.pfx file to PEM format in the convertcert.pem file. The PEM file contains all of the certificates that were in the PFX file, and each of the certificates is wrapped within headers.

Command

openssl pkcs12 -in certificatepfx.pfx -out convertcert.pem -nodes

Snippet of output

Conclusion

In order to use the certificate and private keys on another system in PEM format, you can convert the PFX file using the procedure mentioned above.

Free Downloads

Datasheet of Public Key Infrastructure

We have years of experience in consulting, designing, implementing & migrating PKI solutions for enterprises across the country.

Download

About the Author

Yathaarth Swaroop is a Consultant at Encryption Consulting, working with PKIs, HSMs and working as a consultant with high-profile clients.

You might also be interested in

Advantages of Upgrading PKI from Windows 2012 and 2012 R2
Advantages of Upgrading PKI from Windows 2012 and 2012 R2 July 28, 2023
PKI – IoT’s Path to Security
PKI – IoT’s Path to Security September 29, 2018
Unveiling PKI Dynamics: Technical Trends and Regulatory Insights Across Regions
Unveiling PKI Dynamics: Technical Trends and Regulatory Insights Across Regions December 7, 2023
Is Your PKI Healthy?
Is Your PKI Healthy? June 9, 2021

Explore More Topics

Explore the full range of services offered by Encryption Consulting.

Feel free to schedule a demo to gain a comprehensive understanding of all the services Encryption Consulting provides.

Request a demo