Convert pfx to pem

Rather than use the certificate creation tools on Linux for web servers, I find it quicker and less error prone to create the certificate on Windows and then convert to pem format on the Linux server, this is particularly useful for internal certificates…

So, create the certificate on Windows and export it as a pfx file noting the password that you used

copy the pfx file onto the Linux box

create the pem

openssl pkcs12 -in certificate.pfx -clcerts -nokeys -out certificate.pem

create the key file

openssl pkcs12 -in certificate.pfx -nocerts -nodes -out certificatekeypass.key

to enable the key file to be used without entering a password (useful for a webserver…), remove the password

openssl rsa -in certificatekeypass.key -out certificatekey.key

you can now use the certificate.pem and certificatekey.pem in the web server configuration

To use crt files instead of pem files

export the certificate

openssl pkcs12 -in certificate.pfx -clcerts -nokeys -out certificate.crt

create the key file

openssl pkcs12 -in certificate.pfx -nocerts -nodes -out certificatekeypass.key

to enable the key file to be used without entering a password (useful for a webserver…), remove the password

openssl rsa -in certificatekeypass.key -out certificatekey.key

efemoral

pumping ideas rather than red

Convert pfx to pem