How to extract private key and certificate from PFX file using OpenSSL

You now need to use Openssl to extract the private key. You can view the project here. The windows implementation has been done by Shining Light Productions and you can download Win32 OpenSSL here

This guide will use Win32 OpenSSL as reference, good job Thomas!

Once you have installed Win32 OpenSSL, start the cmd prompt as administrator and navigate to the install location i.e. C:\Program Files\OpenSSL-Win32\bin

Type openssl to run
Command Prompt for OpenSSL

Here are the commands using a wildcard certificate for an example

1. Extract Private Key.
pkcs12 -in "C:\MyExportedWildcardSSLCert.pfx" -nocerts -out "C:\MyWildcardSSLCert.pk.pem"

2. Now to remove the passphrase from the private key pem file.
rsa -in "C:\MyWildcardSSLCert.pk.pem" -out "C:\MyWildcardSSLCert.pk.pem"

3. Now extract the certificate file.
pkcs12 -in "C:\MyExportedWildcardSSLCert.pfx" -clcerts -nokeys -out "C: \MyWildcardSSLCert.crt.pem"

4. Test connection.
s_client -connect YourMailServerIPAddress:995

Return to Category