Want to convert PFX to .Crt & .Key Files? We can help you.
Here at Bobcares, we often handle requests from our customers to fix similar errors as a part of our Server Management Services.
Today, let us see how to convert the .pfx file into a .crt or .key file from the encrypted key using OpenSSL for free.
Convert PFX to .Crt & .Key Files
OpenSSL is a full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.
If we have the .pfx certificate from the SSL providers/registrars like a network solution, GoDaddy, big rock, etc., then we are good to proceed with the following without any hurdles.
In order to begin, our Support Techs recommend having:
- An OpenSSL package in the system.
- Then a .pfx file for the chosen domain name
- Windows/Ubuntu/Linux system to utilize the OpenSSL package with crt
Extract the private key from the .pfx file
openssl pkcs12 -in [yourfilename.pfx] -nocerts -out [keyfilename-encrypted.key]
With this command, we can extract the private key from the .pfx file.
Now we need to provide the import password of the .pfx file. This is to protect the keypair created for the .pfx file.
Once we enter it, OpenSSL requests to type another password twice. This new password is to protect the .key file.
[email protected]:~/Downloads/SSL-certificate$ openssl pkcs12 -in samplefilename.pfx -nocerts -out samplefilenameencrypted.key Enter Import Password: Enter PEM pass phrase: Verifying — Enter PEM pass phrase: [email protected]:~/Downloads/SSL-certificate$
Extract .crt file from the .pfx certificate
openssl pkcs12 -in [yourfilename.pfx] -clcerts -nokeys -out [certificatename.crt]
After that, we press enter and give the password for the certificate, hit enter again.
Eventually, the certificate will appear in the same directory.
[email protected]:~/Downloads/SSL-certificate$ openssl pkcs12 -in samplefile.pfx -clcerts -nokeys -out samplefileencrypted.crt Enter Import Password:
Extract the .key file from the encrypted private key from step 1.
openssl rsa -in [keyfilename-encrypted.key] -out [keyfilename-decrypted.key]
Here, we enter the import password from step 1.
As a result, we have a certificate(.crt) and two private keys ( encrypted and unencrypted).
[email protected]:~/Downloads/SSL-certificate$ openssl rsa -in samplefilenameencrypted.key -out samplefilenameunencrypted.key Enter pass phrase for samplefilenameencrypted.key: writing RSA key
Finally, we can use .crt and .key files to run the Node / Angular / Java application with these obtained files.
[Finding it difficult? We can help you out]
In short, we saw how our Support Techs go about converting PFX.