Converting pfx to pem using openssl

by

Another perspective for doing it on Linux… here is how to do it so that the resulting single file contains the decrypted private key so that something like HAProxy can use it without prompting you for passphrase.

openssl pkcs12 -in file.pfx -out file.pem -nodes

Then you can configure HAProxy to use the file.pem file.

This is an EDIT from previous version where I had these multiple steps until I realized the -nodes option just simply bypasses the private key encryption. But I’m leaving it here as it may just help with teaching.

openssl pkcs12 -in file.pfx -out file.nokey.pem -nokeys
openssl pkcs12 -in file.pfx -out file.withkey.pem
openssl rsa -in file.withkey.pem -out file.key
cat file.nokey.pem file.key > file.combo.pem
  1. The 1st step prompts you for the password to open the PFX.
  2. The 2nd step prompts you for that plus also to make up a passphrase for the key.
  3. The 3rd step prompts you to enter the passphrase you just made up to store decrypted.
  4. The 4th puts it all together into 1 file.

Then you can configure HAProxy to use the file.combo.pem file.

The reason why you need 2 separate steps where you indicate a file with the key and another without the key, is because if you have a file which has both the encrypted and decrypted key, something like HAProxy still prompts you to type in the passphrase when it uses it.

More Related Contents:

  1. Differences between “BEGIN RSA PRIVATE KEY” and “BEGIN PRIVATE KEY”
  2. How to save public key from a certificate in .pem format
  3. How to get .pem file from .key and .crt files?
  4. How to read .pem file to get private and public key
  5. How can I transform between the two styles of public key format, one “BEGIN RSA PUBLIC KEY”, the other is “BEGIN PUBLIC KEY”
  6. CMake not able to find OpenSSL library
  7. Use RSA private key to generate public key? [closed]
  8. C# RSA Public Key Output Not Correct
  9. Converting PKCS#12 certificate into PEM using OpenSSL
  10. Difference between openSSL rsautl and dgst
  11. Verify a certificate chain using openssl verify
  12. Convert PEM traditional private key to PKCS8 private key
  13. Using OpenSSL what does “unable to write ‘random state'” mean?
  14. Multiple OpenSSL RSA signing methods produce different results
  15. How to extract public key using OpenSSL?
  16. OpenSSL Verify return code: 20 (unable to get local issuer certificate)
  17. Why is Apple Deprecating OpenSSL in MacOS 10.7 (Lion)? [closed]
  18. RSA: Get exponent and modulus given a public key
  19. Correct location of openssl.cnf file
  20. Programmatically Create X509 Certificate using OpenSSL
  21. How to generate an openSSL key using a passphrase from the command line?
  22. Convert pem key to ssh-rsa format
  23. How to create public and private key with openssl?
  24. How to convert an ECDSA key to PEM format
  25. Unable to load Private Key. (PEM routines:PEM_read_bio:no start line:pem_lib.c:648:Expecting: ANY PRIVATE KEY) [closed]
  26. Creating a .p12 file
  27. How do I get Visual Studio Code to trust our self-signed proxy certificate?
  28. When was TLS 1.2 support added to OpenSSL?
  29. Cross Compile OpenSSH for ARM
  30. How to make browser trust localhost SSL certificate? [closed]

Leave a Comment