Extract Certificate and Key from PFX

Share This Post

Share on facebook
Share on linkedin
Share on twitter
Share on email

If you have a PFX Certificate from a Windows environment and want to utilize it for example on an Apache server running on Linux, the certificate and key needs to be extracted and referenced in the Apache configuration file.

Start by extracting the certificate from the PFX. When prompted for a password specify the password for the PFX file.

openssl pkcs12 -in MyCertificate.pfx -clcerts -nokeys -out MyCertificate.crt

Next we need to extract the key. When prompted for a password specify the password for the PFX file, then specify a passphrase to protect the key file.

openssl pkcs12 -in MyCertificate.pfx -nocerts -out MyEncryptedKeyFile.key

Ideally the encrypted key file is recommended, however that will require us to type in the passphrase every time our Apache service starts. To remediate this we can remove the passphrase from the key, though its not really secure.

openssl rsa -in MyEncryptedKeyFile.key -out MyUnencryptedKeyFile.key

Finally reference the certificate and key file in the Apache configuration file. The service should not prompt you to enter the passphrase if the unencrypted key file is used.

SSLCertificateFile /path/to/MyCertificate.crt
SSLCertificateKeyFile /path/to/MyUnencryptedKeyFile.key

Want To See More?


Windows Autopilot Diagnostics

Microsoft has announced a new Autopilot Diagnostics screen that makes it much easier to troubleshoot and retrieve logs during deployment. The scenario only work with


Installing pfSense on Hyper-V

Having a lab environment on your laptop/desktop machine can be practical to test new functionality and learn new products and services. However it can be