Extracting the certificate and keys from a .pfx file
The .pfx file, which is in a PKCS#12 format, contains the SSL certificate (public keys) and the corresponding private keys. Sometimes, you might have to import the certificate and private keys separately in an unencrypted plain text format to use it on another system. This topic provides instructions on how to convert the .pfx file to .crt and .key files.
Extract .crt and .key files from .pfx file
PREREQUISITE: Ensure OpenSSL is installed in the server that contains
the SSL certificate.
- Start OpenSSL from the OpenSSL\bin folder.
- Open the command prompt and go to the folder that contains your .pfx file.
- Run the following command to extract the private key:
You will be prompted to type the import password. Type the password that you used to protect your keypair when you created the .pfx file. You will be prompted again to provide a new password to protect the .key file that you are creating. Store the password to your key file in a secure place to avoid misuse.openssl pkcs12 -in [yourfile.pfx] -nocerts -out [drlive.key]
- Run the following command to extract the
certificate:
openssl pkcs12 -in [yourfile.pfx] -clcerts -nokeys -out [drlive.crt]
- Run the following command to decrypt the private
key:
Type the password that you created to protect the private key file in the previous step.openssl rsa -in [drlive.key] -out [drlive-decrypted.key]
The .crt file and the decrypted and encrypted .key files are available in the path, where you started OpenSSL.
Convert .pfx file to .pem format
There might be instances where you might have to convert the .pfx file into .pem format. Run the following command to convert it into PEM format.openssl rsa -in [keyfile-encrypted.key] -outform PEM -out [keyfile-encrypted-pem.key]
Note: Ensure that the name of the certificate file is drlive.crt and the
private key file is named drlive.key. The renamed
drlive.crt and drlive.key files must be updated for all
three servers:
- liveAuthServer: <live-install-folder>\liveAuthServer\lib_server\config
- liveHomeServer: <live-install-folder>\liveHomeServer\lib_server\config
- liveRoomServer: <live-install-folder>\liveRoomServer\lib_server\config