Extract Certificate and Key from PFX

If you have a PFX certificate from a Windows environment and want to use it, for example, on an Apache server running on Linux, the certificate and key need to be extracted and referenced in the Apache configuration file.

Start by extracting the certificate from the PFX. When prompted for a password, specify the password for the PFX file.

openssl pkcs12 -in MyCertificate.pfx -clcerts -nokeys -out MyCertificate.crt

Next we need to extract the key. When prompted for a password, specify the password for the PFX file, then specify a passphrase to protect the key file.

openssl pkcs12 -in MyCertificate.pfx -nocerts -out MyEncryptedKeyFile.key

Ideally we would keep the key file encrypted, but that requires us to type in the passphrase every time the Apache service starts. To avoid this we can remove the passphrase from the key, though it's not really secure.

openssl rsa -in MyEncryptedKeyFile.key -out MyUnencryptedKeyFile.key

Finally, reference the certificate and key file in the Apache configuration file. The service should not prompt you to enter the passphrase if the unencrypted key file is used.

SSLCertificateFile /path/to/MyCertificate.crt
SSLCertificateKeyFile /path/to/MyUnencryptedKeyFile.key
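
The same extraction as a script, extended to confirm that the extracted certificate and key belong together and to keep the unencrypted key readable by its owner only. This is an added example, not part of the original post; the file names, the PFX_PASS environment variable and the throwaway sample PFX are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original post. File names are illustrative and
# PFX_PASS (the PFX password) is assumed to be set in the environment.

# Print the public key carried by a certificate / by a private key, as PEM.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey; }
key_pubkey()  { openssl pkey -in "$1" -pubout; }

# Succeeds only if the certificate and the private key share one public key.
keys_match() {
    c=$(cert_pubkey "$1" 2>/dev/null) || return 1
    k=$(key_pubkey "$2" 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# extract_pfx PFX OUTDIR: write OUTDIR/server.crt and OUTDIR/server.key.
extract_pfx() {
    (
        umask 077    # new files below are created owner-only (0600)
        openssl pkcs12 -in "$1" -clcerts -nokeys -passin env:PFX_PASS \
            -out "$2/server.crt" &&
        # -nodes writes the key unencrypted in one step (-noenc in OpenSSL 3)
        openssl pkcs12 -in "$1" -nocerts -nodes -passin env:PFX_PASS \
            -out "$2/server.key"
    ) || return 1
    keys_match "$2/server.crt" "$2/server.key"
}

# Constructed sample input: a throwaway self-signed certificate packed as PFX.
make_sample_pfx() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
        -keyout "$1/src.key" -out "$1/src.crt" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/src.key" -in "$1/src.crt" \
        -passout env:PFX_PASS -out "$1/sample.pfx"
}

# Demo run in a scratch directory that is removed afterwards.
demo() {
    d=$(mktemp -d) || return 1
    PFX_PASS=constructed-demo-password; export PFX_PASS
    make_sample_pfx "$d" && extract_pfx "$d/sample.pfx" "$d" &&
        echo "certificate and key match; key mode: $(ls -l "$d/server.key" | cut -c1-10)"
    rc=$?; rm -rf "$d"; return $rc
}
demo
```

Reading the password from the environment with -passin env: keeps it off the command line. The umask only affects files the script creates, so an existing key file keeps whatever mode it already had.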
