Converting Existing PFX SSL Certificate to PEM SSL Certificate
To convert PFX to PEM:
To find the password used when the PFX was exported, use the following commands:
Linux $ openssl pkcs12 -in [yourfile.pfx] -nocerts -out [keyfile-encrypted.key]
$ openssl pkcs12 -in [yourfile.pfx] -nocerts -nodes -out [keyfile-encrypted.key] # use this command if the first command generates empty certificate.
Windows C:\xampp\apache\bin\openssl pkcs12 -in [yourfile.pfx] -nocerts -out [keyfile-encrypted.key]
C:\xampp\apache\bin\openssl pkcs12 -in [yourfile.pfx] -nocerts -nodes -out [keyfile-encrypted.key] # use this command if the first command generates empty certificate.
Convert encrypted key to unencrypted key:
Linux $ openssl rsa -in [keyfile-encrypted.key] -out server.key
Windows C:\xampp\apache\bin\openssl rsa -in [keyfile-encrypted.key] -out server.key
Extract the server certificate and convert to PEM format:
Linux $ openssl pkcs12 -in [yourfile.pfx] -clcerts -nokeys -out server.crt
Windows C:\xampp\apache\bin\openssl pkcs12 -in [yourfile.pfx] -clcerts -nokeys -out server.crt
Extract the server certificate chain:
Linux $ openssl pkcs12 -in [certificate.pfx] -cacerts -nokeys -out [server-ca.crt]
Windows C:\xampp\apache\bin\openssl pkcs12 -in [certificate.pfx] -cacerts -nokeys -out [server-ca.crt]
(optional) In case your file is in p7b format, extract the server certificate and convert to PEM format
Linux $ openssl pkcs7 -print_certs -in [yourfile.p7b] -out server.crt
Windows C:\xampp\apache\bin\openssl pkcs7 -print_certs -in [yourfile.p7b] -out server.crt
Now you can use the server.crt, server-ca.crt and server.key files appropriately.