How to split a pfx file into cert and key?
Michael Leone
turgon at mike-leone.com
Thu Feb 13 20:33:35 UTC 2020
I received a pfx file from one our techs. A pfx file is a cert and key, all
in one binary file. He needs me to split it out into the cert and the key,
so I can create a new request from that key, and then sign a new cert for
him.
(no, I don't know why he can't just create a new request. And I would
revoke the old cert, except that I am unsure of the details he used in
naming it, so I don't know what to revoke .. So I am stuck trying to see if
I can help the guy, by creating a new request from the private key,
presuming I can extract the private key ...)
Anyways, I found this set of commands
Extracting Certificate and Private Key Files from a .pfx File
<https://wiki.cac.washington.edu/display/infra/Extracting+Certificate+and+Private+Key+Files+from+a+.pfx+File>
https://wiki.cac.washington.edu/display/infra/Extracting+Certificate+and+Private+Key+Files+from+a+.pfx+File
1. Note: the *.pfx file is in PKCS#12 format and includes both the
certificate and the private key.
2. Run the following command to export the private key: openssl pkcs12
-in certname.pfx -nocerts -out key.pem -nodes
3. Run the following command to export the certificate: openssl pkcs12
-in certname.pfx -nokeys -out cert.pem
4. Run the following command to remove the passphrase from the private
key: openssl rsa -in key.pem -out server.key
But I'm asked for an "Import password" ..
$ sudo openssl pkcs12 -in requests/DCTRNPS001_cert.pfx -nocerts -out
DCTRNPS001_key.pem -nodes
Enter Import Password:
And I have no idea what an "import" password is. It's not the password for
the private key, so I don't know what it is.
Pointers, anyone?
--
Mike. Leone, <mailto:turgon at mike-leone.com>
PGP Fingerprint: 0AA8 DC47 CB63 AE3F C739 6BF9 9AB4 1EF6 5AA5 BCDF
Photo Gallery: <http://www.flickr.com/photos/mikeleonephotos>
This space reserved for future witticisms ...
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20200213/cf872fdf/attachment-0001.html>
More information about the openssl-users
mailing list