Converting pfx to pem using openssl


openssl pkcs12 -in -out goodgames.net_client.pem -clcerts


openssl pkcs12 -in -out goodgames.net_root.pem -cacerts

The different about this client and root is:
Client using : -clcerts
Root using : -cacerts

While you export, you need key that you using to export *.pfx file from original certs


Reference for more:


Another perspective for doing it on Linux… here is how to do it so that the resulting single file contains the decrypted private key so that something like HAProxy can use it without prompting you for passphrase.

openssl pkcs12 -in -out goodgames.net_nokey.pem -nokeys
openssl pkcs12 -in -out goodgames.net_withkey.pem
openssl rsa -in goodgames.net_withkey.pem -out
cat goodgames.net_nokey.pem > goodgames.net_combo.pem
  1. The 1st step prompts you for the password to open the PFX.
  2. The 2nd step prompts you for that plus also to make up a passphrase for the key.
  3. The 3rd step prompts you to enter the passphrase you just made up to store decrypted.
  4. The 4th puts it all together into 1 file.


Then you can configure HAProxy to use the goodgames.net_combo.pem file.




Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.