Reputation: 1736
Convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM, by, for instance:
openssl pkcs12 -in cert_and_pvt_key.pfx -out cert_and_pvt_key.pem
then I have a PEM file with both certificate and private key, now, I want to get certificate file and private key file respectively, yes, I know cert_and_pvt_key.pem is in text format, we can copy the key part and cert part as we like, but, this is not elegant, I want something sophisticated, like openssl pkcs12
, is there anything available?
Upvotes: 1
Views: 1885
Reputation: 2297
You can use the -nocerts
and -nokeys
option to openssl pkcs12
to only output the part you need. Run openssl pkcs12
with each in turn:
openssl pkcs12 -in cert_and_pvt_key.pfx -nokeys -out cert.pem
then:
openssl pkcs12 -in cert_and_pvt_key.pfx -nocerts -out pvt_key.pem
If you haven't got access to the original PKCS#12 file, then it becomes a little more difficult. The following should work:
openssl pkcs12 -export -in cert_and_pvt_key.pem | openssl pkcs12 -nokeys -out cert.pem
and:
openssl pkcs12 -export -in cert_and_pvt_key.pem | openssl pkcs12 -nocerts -out pvt_key.pem
However, this asks for a pass-phrase when the the PKCS#12 is created and again when it attempts to split the file to certificate and keys. OpenSSL provides the -nodes
verb to disable this pass-phrase, but it doesn't seem to work with -export
. Therefore, it would fail in a script.
Otherwise, you're left with splitting the file with awk
or similar. There are plenty of examples on this site.
Upvotes: 1