Invitation Digital Tech Blog

Building Scalable & Responsive Architecture


How to extract Private Key and Certificate from a PFX or PKCS12 (p12) file using openssl

The other day I needed to recover the private key and certificate from a pfx/pkcs12 container and found the following openssl commands really handy. As I often need to do things like this I decided to write a quick post about it for easy access and to assist others looking for the same.

This post obviously assumes you know what openssl is and you have it installed. If not you can find more information on openssl and download it from here.

To extract the private key from your pfx or pkcs12 certificate run the following openssl command. Obviously you would need to know the password that was set up when creating the certificate.

openssl pkcs12 -in "C:\Certificates\MyCertificate.p12" -nocerts -out "C:\Certificates\MyCertificatePrivateKey.pem" -nodes

It will prompt you for the password and then extract the key and put it in the file specified.

It may also ask you for a pass phrase and to remove the pass phrase after the key has been generated use the following command.

openssl rsa -in "C:\Certificates\MyCertificatePrivateKey.pem" -out "C:\Certificates\PrivateKey.key"

To extract the public certificate without the key from your pkcs12 container use the following command.

openssl pkcs12 -in "C:\Certificates\MyCertificate.p12" -nokeys -out "C:\Certificates\MyPublicCert.pem"

That is it.