pkey public key extraction

Doody, Stephen s.doody at
Wed Sep 20 07:28:46 UTC 2023

Classification: Public


I'm hoping someone can point me in the right direction.

We have a pem file that a colleague believes contains a private and a public key.

They want to extract the public key from the file and deploy that, so a 3rd party service can access our system.

The command they suggested was:
openssl pkey -in ourcert.pem -pubout -out pubkey1.pem

The pubkey.pem file that is created only contains the public key and nothing else, so the 3rd party service can no longer connect to our system as it doesn't recognise this as a valid certificate and complained that it was not trusted.

I've read through the man pages for pkey and x509 and I've also tried this:
openssl x509 -in ourcert.pem -pubkey -out pubkey2.pem

The 3rd party service can now connect to our system but viewing the details of the pubkey2.pem file it looks identical to the original ourcert.pem file.

Is pkey or x509 the right way to do this?

If it is pkey, how do I extract the public key so that it generates a valid certificate?

For info we're running openssl version 1.0.2k-fips on Centos 7 in an AWS EC2 instance.

Thanks for any suggestions.

More information about the openssl-users mailing list