Menu
picture of tbs certificates
picture of tbs certificates
Certificates
Our products range
Partners
Support
Focus


Convert a pkcs12 into individual files for apache or other openssl-compatible products

If you have a pkcs12 file (from IIS for example) and if you need to install the certificate on an Openssl-compatible product such as Apache, you will have to extract the content of the pkcs12 to get several files.

First of all, create a global file (package):
openssl pkcs12 -in yourpkcs12.pfx -out package.pem -nodes
Then duplicate that package file to get 3 different files:
cp package.pem mykey.key
cp package.pem mycert.cer
cp package.pem mychain.txt
Edit each of those files via a test editor. Warning: You need to use a text editor that can interpret OpenSSL-style end-of-lines (under Windows, use an editor compatible with UNIX):
  • in mykey.key only keep the "PRIVATE KEY" bloc
  • in mycert.cer only keep the "BEGIN CERTIFICATE" bloc, corresponding to your server certificate (you know it by reading the comment that appears just above)
  • in mychain.txt only the "BEGIN CERTIFICATE" bloc(s) other than your server certificate (you know it by reading the comment that appears just above)
Those 3 files are usable (even if you might need to convert them into a format compatible with your SSL server)!

Warning: If you create your pfx on Microsoft, do not activate the "enhanced security"!

Go further