How to seamlessly convert a PFX-encoded certificate file to PEM format using OpenSSL

What is PKCS #12?

PKCS #12 is an archive file format used for storing multiple cryptography objects in a single file. The filename extension for PKCS #12 files is .p12 or .pfx. This format is often used to bundle a PEM certificate and its corresponding private key, along with any additional CA chain certificates.

What is a PFX file?

A .pfx file is a bag that can hold many objects with optional password protection; however, a PKCS#12 archive usually contains a certificate and the corresponding private key. The file can also include CA chain certificates. When creating a PFX file, a PFX password may be set to protect the contents of the file, ensuring that only authorized users can access the sensitive information it contains.

What is a PEM file?

PEM is a base64 encoded certificate placed between the headers -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----. The following file extensions are possible for PEM certificates: *.pem, *.crt, and *.cer

How to convert PFX file to PEM format?

Scenario 1: Export private key and certificate files from PFX file

The following procedure will convert the PFX-encoded certificate file into two files in PEM format.

  • certconvert.pem – PEM file containing the SSL/TLS certificate for the resource.
  • privatekeyconvert.pem – PEM file containing the private key of the certificate with no password protection.

Prerequisites

We use the OpenSSL toolkit to convert a PFX-encoded certificate to PEM format. For testing this scenario, we use a password-protected PFX-encoded file, certificatepfx.pfx, and a 2048-bit RSA private key.

Commands

For exporting key:

openssl pkcs12 -in certificatepfx.pfx -nocerts -out privatekeyconvert.pem -nodes

For exporting certificate:

openssl pkcs12 -in certificatepfx.pfx -clcerts -nokeys -out certconvert.pem

Note: Optionally, the PFX file can also contain the CA certificate chain. To export it from the PFX file, run the following command:

openssl pkcs12 -in certificatepfx.pfx -cacerts -nokeys -chain -out ca-chain.pem
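
The Scenario 1 exports wrapped in a script, as an added example that is not part of the original article: it reads the PFX password from an environment variable, creates the unencrypted key file owner-only, and checks that the exported key and certificate carry the same public key. The names PFX_PASS, pfx_to_pem, key_matches_cert, make_test_pfx and pfx_check.sh are assumptions, and the test PFX is constructed.

```shell
#!/bin/sh
# Added example, not from the original article. Assumes the PFX password is
# exported as PFX_PASS (hypothetical name) so it stays off the command line.
# On OpenSSL 3.x, -nodes still works but is deprecated in favour of -noenc.

# pfx_to_pem PFX OUTDIR: run the two Scenario 1 exports into OUTDIR.
pfx_to_pem() {
    # The key is written unencrypted, so create it owner-only (umask 077).
    ( umask 077
      openssl pkcs12 -in "$1" -nocerts -nodes -passin env:PFX_PASS \
          -out "$2/privatekeyconvert.pem" ) &&
    openssl pkcs12 -in "$1" -clcerts -nokeys -passin env:PFX_PASS \
        -out "$2/certconvert.pem"
}

# key_matches_cert KEY CERT: succeed only if both hold the same public key.
# Any read or parse failure counts as a mismatch.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# make_test_pfx DIR: constructed self-signed sample named as in the article.
make_test_pfx() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
        -keyout "$1/k.pem" -out "$1/c.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/k.pem" -in "$1/c.pem" \
        -passout env:PFX_PASS -out "$1/certificatepfx.pfx"
}

# Demo on constructed data: sh pfx_check.sh --demo
if [ "${1:-}" = "--demo" ]; then
    export PFX_PASS=constructed-password
    d=$(mktemp -d) && make_test_pfx "$d" &&
        pfx_to_pem "$d/certificatepfx.pfx" "$d" &&
        key_matches_cert "$d/privatekeyconvert.pem" "$d/certconvert.pem" &&
        echo "private key matches certificate"
    rm -rf "$d"
fi
```

A mismatch from key_matches_cert means the key and certificate should not be deployed together; delete the unencrypted key file once it has been installed where it is needed.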

Scenario 2: Convert PFX file to PEM format

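Execute the following command to convert the data in the certificatepfx.pfx file to PEM format in the convertcert.pem file. The PEM file contains all of the certificates that were in the PFX file, each wrapped within its own headers. Because the command neither excludes keys nor encrypts its output, the private key is written to the same file without password protection, so restrict access to convertcert.pem accordingly.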

Command

openssl pkcs12 -in certificatepfx.pfx -out convertcert.pem -nodes

Conclusion

In order to use the certificate and private keys on another system in PEM format, you can convert the PFX file using the procedure mentioned above.

About the Author

Manimit Haldar is a Cyber Security Consultant with a passion for automation at Encryption Consulting. He bridges the gap between traditional security and cutting-edge technologies by leveraging his expertise in Artificial Intelligence (AI), Machine Learning (ML), and software development. Manimit strengthens client security by implementing robust solutions like PKI (Public Key Infrastructure) and automates processes with AI/ML for anomaly detection and threat analysis. His programming skills and knowledge of CLM (Certificate Lifecycle Management) ensure proper handling of digital certificates, further solidifying client security.
