DEV Community

Michael Butak

How to export .cer and .key from .pfx file

So you are ready to add a signed certificate and private key to your web application. Here's one approach to making that happen.

Note, I'm using a Windows 10 workstation.

For the purpose of this post, we assume you already have a .pfx file from your certificate authority. A .pfx is a binary file; there are other file formats, such as .pem, which is base64 encoded. If you have a .pem file, you can convert it to .pfx and then follow these steps.

  • Save the .pfx file on your computer. In my examples below, the pfx file is saved at C:/Users/usernameGoesHere/.ssh
  • Next you will need to extract the .key and .cer files from the .pfx:
  • Ensure you have openssl installed.
  • In this example the openssl.exe executable is installed at /bin/openssl
  • From the directory on your workstation where you have the pfx file from your CA (in my example named my-site.com.pfx), run the following command:

echo QUIT | /bin/openssl.exe pkcs12 -in my-site.com.pfx -nocerts -out server.cer.key -nodes

NOTE: If you are using something other than the Git Bash command-line emulator, you might not need the echo QUIT | part, and you can replace /bin/openssl.exe with just openssl.

NOTE2: We have included the -nodes flag so that the exported key is not encrypted with a passphrase; server.cer.key therefore holds the private key in plaintext.

  • Note that you now have a server.cer.key file in your directory.
  • Next, run this command to extract the .cer:

echo QUIT | /bin/openssl.exe pkcs12 -in my-site.com.pfx -out server.cer -nokeys -clcerts

NOTE: Same as above: if you aren't using the Git Bash emulator, you might not need the first bit of the command.
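
The two extraction steps above as a script, followed by a check that the extracted key and certificate actually belong together (an added example, not the author's code). It assumes openssl is on the PATH and that the .pfx password is exported in an environment variable named PFX_PASS; that variable name and the function names are chosen for this example.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Assumptions: openssl is on PATH,
# and the .pfx password is exported as PFX_PASS (a name chosen for this example).

# Extract the private key and the leaf certificate, as in the two commands above.
# Runs in a subshell so the umask change does not leak into the caller.
extract_pfx() (
  pfx=$1; key=${2:-server.cer.key}; cer=${3:-server.cer}
  # -nodes writes the key unencrypted, so create it owner-readable only
  # (effective on POSIX file systems).
  umask 077
  openssl pkcs12 -in "$pfx" -nocerts -nodes -passin env:PFX_PASS -out "$key" &&
  openssl pkcs12 -in "$pfx" -nokeys -clcerts -passin env:PFX_PASS -out "$cer"
)

# Succeed only if the key's public half equals the certificate's public key.
# Exit status: 0 match, 1 mismatch, 2 a file could not be parsed.
key_matches_cert() (
  from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || exit 2
  from_cer=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || exit 2
  [ "$from_key" = "$from_cer" ]
)

# Usage, run from the directory that holds the .pfx, with PFX_PASS exported:
#   extract_pfx my-site.com.pfx &&
#   key_matches_cert server.cer.key server.cer && echo "key and certificate match"
```

A mismatch here usually means the wrong .pfx or a stale key file was picked up, which is easier to catch now than as a web server startup error.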
