Extracting .pfx files
Website Documentation for your KeePass client and Pleasant Password Server
You may have the need to export a certificate and private key from a Windows server to separate certificate and key files for use in PPS, Nginx, or elsewhere. By default, Windows doesn't provide the means to complete this process. Follow the procedure below to extract separate certificate and private key files from the .pfx file.
Extracting certificate and private key files
- Take the file you exported (e.g. certname.pfx) and copy it to a system where you have OpenSSL installed. Note: the *.pfx file is in PKCS#12 format and includes both the certificate and the private key.
- Run the following command to export the private key: openssl pkcs12 -in certname.pfx -nocerts -out key.pem -nodes
- Run the following command to export the certificate: openssl pkcs12 -in certname.pfx -nokeys -out cert.pem
- Run the following command to remove the passphrase from the private key: openssl rsa -in key.pem -out server.key