Alright, so let’s make this a quick one. I’ve had to google this multiple times, since I have to do this a couple of times per year, which is NOT often enough for me to remember it by heart, or even for my Terminal to remember the commands properly.
So, long story short – here’s how to export a PEM-formatted .cer file and your private key (and optionally decrypt it as well!) from a .pfx file containing both!
Solution
We’ll be using OpenSSL to manipulate the certificate files, so install it first.
Done? Let’s get to it!
Time needed: 10 minutes
How to export a certificate and a key from a .pfx file?
- Download/export your .pfx
It all starts with actually HAVING a .pfx file. The file needs to contain the certificate and the key.
We’ll assume your certificate is called my.pfx for the remainder of the how-to.
We’ll also assume your .pfx file’s password is empty. That’s how it is if you have exported it from an Azure App Service using the UI anyway.
- Change to the directory where your .pfx is
Maybe this is obvious, but to make running the commands as easy as possible, change to the directory where your .pfx file is. Let’s just assume it’s in the directory below:
cd "C:\temp\cert-export\"
- Export your certificate
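Now we’ll export a PEM-encoded certificate with a .cer file extension. It’ll be a base64-encoded text file that you can then investigate with openssl. The -nokeys flag keeps the private key out of this file; without it, openssl pkcs12 writes the key into my.cer as well.
openssl pkcs12 -in .\my.pfx -out my.cer -clcerts -nokeys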
- Export your encrypted private key
Now we’ll export the key out of the .pfx – it’ll be encrypted at this point, so let’s call it my-encrypted.key:
openssl pkcs12 -in .\my.pfx -nocerts -out my-encrypted.key
- (OPTIONAL) decrypt your private key
The last step exported your private key in encrypted form. You might want to use it in a decrypted, cleartext form. AKS, for example, wants it in this form.
openssl rsa -in .\my-encrypted.key -out my.key
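To check the result of the steps above, this PowerShell function confirms that my.cer holds no private key and that my.key matches the certificate, then tightens the file permissions on the cleartext key. It is an added example, not part of the original post; Test-ExportedPair is a hypothetical helper name, and it assumes openssl is on your PATH.

```powershell
# Added example. Test-ExportedPair is a hypothetical helper name,
# not an OpenSSL or PowerShell built-in.
function Test-ExportedPair {
    param(
        [string]$CertPath = '.\my.cer',
        [string]$KeyPath  = '.\my.key'
    )

    # 1. The certificate file should hold no private key material.
    if (Select-String -Path $CertPath -Pattern 'PRIVATE KEY' -Quiet) {
        Write-Warning "$CertPath contains a private key block; re-export it with -nokeys."
        return $false
    }

    # 2. A still-encrypted key would make openssl prompt for a passphrase, so stop early.
    if (Select-String -Path $KeyPath -Pattern 'ENCRYPTED' -Quiet) {
        Write-Warning "$KeyPath is still encrypted; run the decrypt step first."
        return $false
    }

    # 3. Derive the public key from each file and compare the PEM text.
    $fromCert = (openssl x509 -in $CertPath -noout -pubkey) -join "`n"
    if ($LASTEXITCODE -ne 0) { Write-Warning "No certificate could be read from $CertPath."; return $false }
    $fromKey = (openssl pkey -in $KeyPath -pubout) -join "`n"
    if ($LASTEXITCODE -ne 0) { Write-Warning "No private key could be read from $KeyPath."; return $false }

    # -cne is the case-sensitive comparison; base64 text must match exactly.
    if ($fromCert -cne $fromKey) {
        Write-Warning 'Certificate and private key do not belong together.'
        return $false
    }

    # 4. The decrypted key is cleartext: remove inherited ACL entries and
    #    grant read access to the current user.
    icacls $KeyPath /inheritance:r /grant:r "${env:USERNAME}:(R)" | Out-Null

    return $true
}

Test-ExportedPair -CertPath .\my.cer -KeyPath .\my.key
```

The function returns $true only when all checks pass; any warning tells you which export step to repeat.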
And there we go! Hope I’ll remember to find the commands from here the next time I need them :)