The other day I needed to recover the private key and certificate from a pfx/pkcs12 container and found the following openssl commands really handy. As I often need to do things like this I decided to write a quick post about it for easy access and to assist others looking for the same.
To extract the private key from your pfx or pkcs12 certificate run the following openssl command. Obviously you would need to know the password that was set up when creating the certificate.
openssl pkcs12 -in "C:\Certificates\MyCertificate.p12" -nocerts -out "C:\Certificates\MyCertificatePrivateKey.pem" -nodes
It will prompt you for the password and then extract the key and put it in the file specified.
It may also ask you for a pass phrase and to remove the pass phrase after the key has been generated use the following command.
openssl rsa -in "C:\Certificates\MyCertificatePrivateKey.pem" -out "C:\Certificates\PrivateKey.key"
To extract the public certificate without the key from your pkcs12 container use the following command.
openssl pkcs12 -in "C:\Certificates\MyCertificate.p12" -nokeys -out "C:\Certificates\MyPublicCert.pem"
That is it.