- First off, go and get OpenSSL:
- You can use an installer program: https://slproweb.com/products/Win32OpenSSL.html
- Or if you want a raw zip of the file to store to your preference you can get that here: https://indy.fulgan.com/SSL/
Now that you are installed and ready to go you should now have a browsable file path to OpenSSL (i.e. C:\OpenSSL)
2. Obtain your PFX file and (for simplicity) place your PFX file in your OpenSSL directory.
(In this example we will assume we have a .pfx file called mycertificate.pfx and your OpenSSL directory is C:\OpenSSL)
3. Run this in command prompt (in your OpenSSL directory) to get the .pem file:
openssl pkcs12 -in mycertificate.pfx -out mypemfile.pem
You should now have a .pem file generated from your PFX file.
4. Run this in command prompt (in your OpenSSL directory) to extract the encrypted private key:
openssl pkcs12 -in mypemfile.pem -out myencryptedkey.key
You should now have the extracted encrypted private key out of the .pem file.
5. Run this in command prompt (in your OpenSSL directory) to create a decrypted private key from the encrypted version
openssl rsa -in myencryptedkey.key -out mydecryptedkey.key
You should now have the decrypted private key from your encrypted version.
6. Run this in command prompt (in your OpenSSL directory) to extract a .crt file from your PFX file:
openssl pkcs12 -in mycertificate.pfx -clcerts -nokeys -out certificate.crt
You should now an extracted .crt file from the PFX file.
That’s it! You should now have encrypted/decrypted keys as well as your .pem and .crt versions of your original PFX files. Happy certificating (I need to coin that term). Questions are always welcome.