Convert .pfx to separate certificate and private key file

SSL certificates generated or exported on Windows are usually in the .pfx format. However, some applications, such as Linux or Java based applications, require the certificate and private key to be in separate files. With the commands below you can export the individual parts from the .pfx file.

1. Export certificate and private key from .pfx with OpenSSL

Run the commands below on a system that has OpenSSL installed. On most Linux systems OpenSSL is installed by default, so there it should work out-of-the-box:

# Note: a password given as "pass:..." is visible in the shell history and in the process list while the command runs.

# Generates an encrypted private key file
openssl pkcs12 -in "[pfx filename here].pfx" -nocerts -out "encryptedPrivateKey.pem" -passin "pass:[password of certificate here]" -passout "pass:[password of certificate here]"

# Decrypts it (privateKey.pem is written unencrypted, so restrict who can read it)
openssl rsa -in "encryptedPrivateKey.pem" -out "privateKey.pem" -passin "pass:[password of certificate here]"

# Generates the certificate file:
openssl pkcs12 -in "[pfx filename here].pfx" -clcerts -nokeys -out "certificate.crt" -passin "pass:[password of certificate here]"

# Generates the chain file:
openssl pkcs12 -in "[pfx filename here].pfx" -cacerts -nokeys -out "certificateChain.crt" -passin "pass:[password of certificate here]"
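
A hardened variant of the commands above, as an added example that is not part of the original post: it reads the password from an environment variable (`PFX_PASS`, an assumed name) instead of `pass:` on the command line, writes the key files under `umask 077`, and checks that the extracted private key belongs to the extracted certificate. The function names, the output directory and the self-signed sample .pfx are constructed for illustration.

```bash
#!/bin/sh
# Added example, not from the original post. PFX_PASS is an assumed variable name.

# Split a .pfx into private key, leaf certificate and CA chain.
# The password comes from the environment, so it never appears in argv.
split_pfx() (
    pfx=$1; out=$2
    umask 077   # new files and directories are accessible to the owner only
    mkdir -p "$out" &&
    openssl pkcs12 -in "$pfx" -nocerts -out "$out/encryptedPrivateKey.pem" \
        -passin env:PFX_PASS -passout env:PFX_PASS &&
    openssl rsa -in "$out/encryptedPrivateKey.pem" -out "$out/privateKey.pem" \
        -passin env:PFX_PASS &&
    openssl pkcs12 -in "$pfx" -clcerts -nokeys -out "$out/certificate.crt" \
        -passin env:PFX_PASS &&
    openssl pkcs12 -in "$pfx" -cacerts -nokeys -out "$out/certificateChain.crt" \
        -passin env:PFX_PASS
)

# Succeeds only if the certificate's public key equals the public half of the key.
# Usage: key_matches_cert certificate.crt privateKey.pem
key_matches_cert() (
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || exit 2
    key_pub=$(openssl pkey -in "$2" -pubout) || exit 2
    [ "$cert_pub" = "$key_pub" ]
)

# Constructed test input: a throwaway self-signed certificate packed into a .pfx.
make_sample_pfx() (
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
        -keyout "$dir/src.key" -out "$dir/src.crt" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$dir/src.key" -in "$dir/src.crt" \
        -out "$dir/sample.pfx" -passout env:PFX_PASS
)

# Demo on the constructed sample (the password is a constructed value).
export PFX_PASS='constructed-sample-password'
work=$(mktemp -d)
make_sample_pfx "$work" && split_pfx "$work/sample.pfx" "$work/out" &&
    key_matches_cert "$work/out/certificate.crt" "$work/out/privateKey.pem" &&
    echo "private key matches certificate"
rm -rf "$work"
```

For a real file, export `PFX_PASS` from a prompt such as `read -rs` in bash rather than typing it into a command, and delete `encryptedPrivateKey.pem` once `privateKey.pem` is in place.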

By Leendert de Borst

Freelance software architect with 10+ years of experience. Expert in translating complex technical problems into creative & simple solutions.
