Ask a Question

Advanced Search

Solution ID : SO5291

Last Modified : 05/02/2018

How to extract a private key and certificates from a PKCS12 file using OpenSSL

Problem

How to extract a private key and certificates from a PKCS12 file using OpenSSL

Solution

In some circumstances you may need to extract the Private key and certificates from a PKCS12 file for use in another program.

  1. Copy the PFX or P12 file to the same location as your OpenSSL program (or specify the location in the command line).
  2. Type this command:
    openssl pkcs12 -in PKCS12file -out keys_out.txt
     
  3. After entering the above command you will receive these prompts:

    Enter Import Password:
    (this is the password that was used when the PKCS12 file was created)

    MAC verified OK

    Enter PEM pass phrase:
    (this is the private key password)

    Verifying - Enter PEM pass phrase: (confirm the private key password)
     
  4. The private key, certificate, and any chain files (roots) will be parsed and dumped into the "keys_out.txt" file.

    Note: The private key will still be encrypted. If you need the private key unencrypted see solution: SO5292
     

For more information concerning OpenSSL please visit: www.openssl.org