Reputation: 481
How to extract private key from pfx file using openssl?
I was looking to extract a private key for an SSL certificate using PowerShell.
I googled and tried following openssl command:
& openssl.exe pkcs12 -in filename.pfx -nocerts -out key.pem
But I have to manually enter the password and I end up with invalid "RSA PRIVATE KEY". How do I get the unencrypted key and pass the password to OpenSSL?
Upvotes: 47
Views: 129486
Answers (2)
Reputation: 11
Two things you can check in this issue,
Make sure to add -nodes property in the OpenSLL command you used, so the extracted RSA Private key will be an unencrypted. Example,
openssl pkcs12 -in certificate-name.pfx -nocerts -nodes -out private-key.pemYou can remove the bag and key attributes line from Private Key and try it.
Check out a good explanation to this issue on my blog at: How To Extract Private Key From PFX Certificate File
Upvotes: 0
Reputation: 5193
Your command is correct, and gives you the encrypted private key in PKCS#8 format. If you need the unencrypted private key, just add the -nodes option:
openssl pkcs12 -in filename.pfx -nocerts -nodes -out key.pem
If you need the private key in old RSA format, you should convert the given key with the openssl pkcs8 command:
openssl pkcs8 -in key.pem -out rsakey.pem
See the documentation for details:
- https://www.openssl.org/docs/manmaster/man1/openssl-pkcs12.html
- https://www.openssl.org/docs/manmaster/man1/openssl-pkcs8.html
Upvotes: 73
Related Questions
- How to convert a private key to an RSA private key?
- How to get .pem file from .key and .crt files?
- Extract private key from pfx file or certificate store WITHOUT using OpenSSL on Windows
- Convert PEM traditional private key to PKCS8 private key
- How to determine certificate type from file
- Private Key changes between exports from a .PFX (PKCS#12) File