April 17, 2012

Extracting Public Certificate and Private Key From PFX File


 
Follow below steps to extract public key certificate and private key from a PFX file:

Download and install OPEN SSL.

To extract the private key:
 Openssl.exe pkcs12 -in <pfx_file_name>.pfx -nocerts -out priv.pem
The generated private key file (priv.pem) will be password protected,  to remove the pass phrase from the private key.
 Openssl.exe rsa -in priv.pem -out priv.pem
 Next step is extracting the public key certificate from the pfx file, there is a direct command in OPENSSL to extract the public key certificate from the pfx file but the generated file will contain public key certificate and some other information. To extract only public key certificate first we need to convert the pfx file to pem which contains both private and public key, and then extract the public key certificate from this pem file:
 openssl.exe pkcs12 -in ClientCert1.pfx -out privpub.pem
 The generated pem contains both private and public keys, use the following command to extract only the public key certificate:
 openssl x509 -inform pem -in privpub.pem -pubkey -out pub.pem -outform pem