PEM file format conversions using OpenSSL

The following are the PEM conversions using OpenSSL

  • To convert a PFX file to a PEM file that contains both the certificate and private key, the following command needs to be used:

# openssl pkcs12 -in filename.pfx -out cert.pem -nodes

Conversion to separate PEM files

  • We can extract the private key form a PFX to a PEM file with this command:

# openssl pkcs12 -in filename.pfx -nocerts -out key.pem

  • Exporting the certificate only:

# openssl pkcs12 -in filename.pfx -clcerts -nokeys -out cert.pem

  • Removing the password from the extracted private key: (Sometime we need to remove the password of the private key before using it in a pem file)

# openssl rsa -in key.pem -out server.key