PKI Reading Time: 3 minutes

How to seamlessly convert PFX encoded certificate file to PEM format using OpenSSL?

What is PKCS #12?

PKCS #12 is an archive file format used for storing multiple cryptography objects in a single file. The filename extension for PKCS #12 files is  .p12 or .pfx

What is a PFX file?

A .pfx file is a bag that can hold many objects with optional password protection; however, a PKCS#12 archive usually contains a certificate and the corresponding private key. The file can also include CA chain certificates as well.

What is a PEM file?

PEM is a base64 encoded certificate placed between the headers —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—–. The following file extensions are possible for PEM certificates:*.pem, *.crt, and *.cer

How to convert PFX file to PEM format?

Scenario 1: Export private key and certificate files from PFX file

The following procedure will convert the PFX-encoded certificate file into two files in PEM format.

  • certconvert.pem – PEM file containing the SSL/TLS certificate for the resource.
  • privatekeyconvert.pem – PEM file containing the private key of the certificate with no password protection.


We use an OpenSSL toolkit to convert a PFX encoded certificate to PEM format. For testing this scenario, we use a password protected PFX-encoded file – certificatepfx.pfx and a 2048-bit RSA private key.


For exporting key:

openssl pkcs12 -in certificatepfx.pfx -nocerts -out privatekeyconvert.pem -nodes

Snippet of output

For exporting certificate

openssl pkcs12 -in certificatepfx.pfx -clcerts -nokeys -out certconvert.pem

Snippet of output

Note: Optionally, we can also have CA certificate chain as a part of the PFX file. In order to export it from the PFX file we run the following command:

openssl pkcs12 -in certificate.pfx -cacerts -nokeys -chain -out ca-chain.pem

Scenario 2: Convert PFX file to PEM format

Execute the following command to convert the data in the certificatepfx.pfx file to PEM format in the convertcert.pem file. The PEM file contains all of the certificates that were in the PFX file, and each of the certificates is wrapped within headers.


openssl pkcs12 -in certificatepfx.pfx -out convertcert.pem -nodes

Snippet of output


In order to use the certificate and private keys on another system in PEM format, you can convert the PFX file using the procedure mentioned above.

Free Downloads

Datasheet of Public Key Infrastructure

We have years of experience in consulting, designing, implementing & migrating PKI solutions for enterprises across the country.


About the Author

Yathaarth Swaroop is a Consultant at Encryption Consulting, working with PKIs, HSMs and working as a consultant with high-profile clients.

Explore the full range of services offered by Encryption Consulting.

Feel free to schedule a demo to gain a comprehensive understanding of all the services Encryption Consulting provides.

Request a demo