Converting pfx to pem using openssl

Client:

openssl pkcs12 -in goodgames.net-exp2017.pfx -out goodgames.net_client.pem -clcerts

Root:

openssl pkcs12 -in goodgames.net-exp2017.pfx -out goodgames.net_root.pem -cacerts

The different about this client and root is:
Client using : -clcerts
Root using : -cacerts

While you export, you need key that you using to export *.pfx file from original certs

1476326351672

Reference for more: http://www.openssl.org/docs/apps/pkcs12.html

 

Another perspective for doing it on Linux… here is how to do it so that the resulting single file contains the decrypted private key so that something like HAProxy can use it without prompting you for passphrase.

openssl pkcs12 -in goodgames.net-exp2017.pfx -out goodgames.net_nokey.pem -nokeys
openssl pkcs12 -in goodgames.net-exp2017.pfx -out goodgames.net_withkey.pem
openssl rsa -in goodgames.net_withkey.pem -out goodgames.net.key
cat goodgames.net_nokey.pem goodgames.net.key > goodgames.net_combo.pem
  1. The 1st step prompts you for the password to open the PFX.
  2. The 2nd step prompts you for that plus also to make up a passphrase for the key.
  3. The 3rd step prompts you to enter the passphrase you just made up to store decrypted.
  4. The 4th puts it all together into 1 file.

1476326351672

Then you can configure HAProxy to use the goodgames.net_combo.pem file.

Reference: http://stackoverflow.com/questions/15413646/converting-pfx-to-pem-using-openssl

 

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.