When you are required to extract contents of PKCS12 client certificates or PFX files (Personal Information Exchange), you may utilize OpenSSL to be successful with this task.

Overview

PKCS12 and PFX files commonly contain a password secured private key and a public certificate. To extract this information and to store them in separate files you may utilize OpenSSL.

The following examples illustrate how to utilize this tool.

Extract the…

Within the following two examples the the client certificate ist contained in the file client-cert.p12. The illustrated steps will work for PFX files, too.

Private Key

To store the private key in a separate file, perform the following steps.

# extract private key
$ openssl pkcs12 -in client-cert.p12 -nocerts -out private-key.pem
 
# remove password from the key file (optional)
$ openssl rsa -in private-key.pem -out private-key-nonsecure.pem
 

Public Certificate

To store the certificate in a separate file, perform the following steps.

# extract the certificate
$ openssl pkcs12 -in client-cert.p12 -clcerts -nokeys -out public-cert.pem
 

Incoming search terms:

• extract contents from p12
• extract p12 linux
• file p12 linux
• how to extract private key from p12 in ruby
• openssl pfx file linux
• openssl pkcs12 remove password