openssl pkcs12 -in goodgames.net-exp2017.pfx -out goodgames.net_client.pem -clcerts
openssl pkcs12 -in goodgames.net-exp2017.pfx -out goodgames.net_root.pem -cacerts
The different about this client and root is: Client using : -clcerts Root using : -cacerts While you export, you need key that you using to export *.pfx file from original certs
Reference for more: http://www.openssl.org/docs/apps/pkcs12.html
Another perspective for doing it on Linux… here is how to do it so that the resulting single file contains the decrypted private key so that something like HAProxy can use it without prompting you for passphrase.
openssl pkcs12 -in goodgames.net-exp2017.pfx -out goodgames.net_nokey.pem -nokeys openssl pkcs12 -in goodgames.net-exp2017.pfx -out goodgames.net_withkey.pem openssl rsa -in goodgames.net_withkey.pem -out goodgames.net.key cat goodgames.net_nokey.pem goodgames.net.key > goodgames.net_combo.pem
- The 1st step prompts you for the password to open the PFX.
- The 2nd step prompts you for that plus also to make up a passphrase for the key.
- The 3rd step prompts you to enter the passphrase you just made up to store decrypted.
- The 4th puts it all together into 1 file.
Then you can configure HAProxy to use the goodgames.net_combo.pem file.