April 17, 2012

Extracting Public Certificate and Private Key From PFX File

Follow below steps to extract public key certificate and private key from a PFX file:

Download and install OPEN SSL.

To extract the private key:
 Openssl.exe pkcs12 -in <pfx_file_name>.pfx -nocerts -out priv.pem
The generated private key file (priv.pem) will be password protected,  to remove the pass phrase from the private key.
 Openssl.exe rsa -in priv.pem -out priv.pem
 Next step is extracting the public key certificate from the pfx file, there is a direct command in OPENSSL to extract the public key certificate from the pfx file but the generated file will contain public key certificate and some other information. To extract only public key certificate first we need to convert the pfx file to pem which contains both private and public key, and then extract the public key certificate from this pem file:
 openssl.exe pkcs12 -in ClientCert1.pfx -out privpub.pem
 The generated pem contains both private and public keys, use the following command to extract only the public key certificate:
 openssl x509 -inform pem -in privpub.pem -pubkey -out pub.pem -outform pem


  1. Really Very helpful !
    Speciaally for setting up Amazon elb coz u require private & public Key...

    Thank u so much for uploading !

  2. Hi There,
    Thanks a lot.
    When I issue the first command, I get permission denied, could you possibly help me?
    Thanks & Regards,

  3. If you're doing this on Linux or Mac OS X, you may want to put quotations around the output filenames to avoid a mysterious dash appearing in front of your output file names.

    IE: openssl pkcs12 -in .pfx -nocerts -out "priv.pem"

  4. Thank you for this info. Very helpful.