Client:
openssl pkcs12 -in goodgames.net-exp2017.pfx -out goodgames.net_client.pem -clcerts
Root:
openssl pkcs12 -in goodgames.net-exp2017.pfx -out goodgames.net_root.pem -cacerts
The difference between the client and root commands is:
Client uses: -clcerts (output only the client certificate)
Root uses: -cacerts (output only the CA certificates)
During the export you need the password (key) that was used to export the *.pfx file from the original certs.
For more details: http://www.openssl.org/docs/apps/pkcs12.html
Another way of doing it on Linux: here is how to do it so that the resulting single file contains the decrypted private key, so that something like HAProxy can use it without prompting you for a passphrase.
openssl pkcs12 -in goodgames.net-exp2017.pfx -out goodgames.net_nokey.pem -nokeys
openssl pkcs12 -in goodgames.net-exp2017.pfx -out goodgames.net_withkey.pem
openssl rsa -in goodgames.net_withkey.pem -out goodgames.net.key
cat goodgames.net_nokey.pem goodgames.net.key > goodgames.net_combo.pem
- The 1st step prompts you for the password to open the PFX.
- The 2nd step prompts you for that password again, and also asks you to make up a passphrase for the key.
- The 3rd step prompts you for the passphrase you just made up, so that the key can be stored decrypted.
- The 4th step puts it all together into 1 file.
Then you can configure HAProxy to use the goodgames.net_combo.pem file.
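A quick check of the combined file before pointing HAProxy at it, as an added example that is not part of the original notes: it flags a missing certificate or key, a key that is still passphrase-protected (for example if the step 2 file was concatenated instead of the step 3 one), and permissions that let other users read the decrypted key. The function name check_combo_pem and the finding labels are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original notes): lint a combined PEM file.
# Prints one finding per line; no output means the file passed every check.
check_combo_pem() {
    f=$1
    if [ ! -r "$f" ]; then
        echo "unreadable"
        return 0
    fi
    # At least one certificate block must be present.
    grep -q -e '-----BEGIN CERTIFICATE-----' "$f" || echo "no-certificate"
    # Some private key block must be present (PKCS#1, PKCS#8 or EC header).
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f" || echo "no-private-key"
    # A passphrase-protected key shows up as an ENCRYPTED PKCS#8 header or
    # as a legacy "Proc-Type: 4,ENCRYPTED" line; a server could not load it
    # without prompting.
    if grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' \
               -e '^Proc-Type: 4,ENCRYPTED' "$f"; then
        echo "key-encrypted"
    fi
    # The file holds decrypted key material, so group and other should have
    # no access. Characters 5-10 of the ls mode string are those six bits.
    # A plain "cat a b > combo.pem" under the usual umask leaves it 0644.
    if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
        echo "perms-too-open"
    fi
    return 0
}

# Run against a file when one is given on the command line, e.g.
#   sh check_combo.sh goodgames.net_combo.pem
if [ "$#" -gt 0 ]; then
    check_combo_pem "$1"
fi
```

Running `chmod 600` on the combined file, or setting `umask 077` before the `cat` step, clears the perms-too-open finding.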
Reference: http://stackoverflow.com/questions/15413646/converting-pfx-to-pem-using-openssl