Extract key and certificate from PFX archive
So you are sent a PFX (or PKCS #12) archive file and you need to somehow extract the contents into a format you can use, for example, to setup TLS on a Apache HTTP server. Luckily OpenSSL can manipulated these .pfx archive files so you get the private key and certificate out from the file easily.
Extract the private key
openssl pkcs12 -in domain.pfx -nocerts -out domain-private-key.pem
openssl with prompt for password pass phare, these you should have recieved from the same source as the .pfx file.
Enter Import Password: xxx Enter PEM pass phrase: yyy Verifying - Enter PEM pass phrase: yyy
If all goes well, you should now have the private key in the file domain-private-key.pem. It might contains some extra information, edit the file with your favorite text editor and remove anything before the:
-----BEGIN ENCRYPTED PRIVATE KEY-----
line in the file.
Extract the certificate
openssl pkcs12 -in domain.pfx -clcerts -nokeys -out domain-certificate.pem
OpenSSL with prompt for a password:
Enter Import Password:
And if all goes well you should now have the certificate file, do the same as for the private key, cleanup any extras before the line:
Now you have the key and certificate, have fun configuring Apache or whatever is your target.