PFX is best known in Windows environments as a certificate archive format. It is a binary container that holds the public certificate, the private key, and any intermediate certificates. Its more general name is the PKCS#12 format.
Most of the time, pfx files are protected with a password, so you need to know that password if you want to operate on the file.
Sometimes I need plain text certificates and/or the private keys. In order to extract these from the pfx file, the OpenSSL tool can be used.
The following steps show how to get a public certificate and plain text private key out of the certificate pfx.
STEP 1: Exporting certificate file (public.crt):
OpenSSL> pkcs12 -in input.pfx -clcerts -nokeys -out public.crt
You must enter the password of the pfx file in order to export the public certificate (public.crt).
STEP 2: Exporting encrypted certificate key (private.key):
OpenSSL> pkcs12 -in input.pfx -nocerts -out private.key
You must first enter the password of the pfx file to start the export operation, and then provide a new password to secure the private.key file.
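The two steps above as a non-interactive script, with a check that the extracted key belongs to the extracted certificate. This is an added example, not part of the original post: the function names, the PFX_PASS and KEY_PASS variables, their values, and the throwaway self-signed input.pfx are all constructed for illustration.

```shell
#!/bin/sh
# Added example: STEP 1 and STEP 2 run unattended, followed by a key/certificate match check.
set -eu
umask 077   # extracted key material must not be group/world readable

# Constructed sample passwords; in practice export these from a secret store.
export PFX_PASS='constructed-pfx-pass' KEY_PASS='constructed-key-pass'

# Build a throwaway self-signed input.pfx so the script runs offline (constructed input).
make_sample_pfx() {  # $1 = working directory
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=sample.invalid' \
        -keyout "$1/src.key" -out "$1/src.crt" 2>/dev/null
    openssl pkcs12 -export -inkey "$1/src.key" -in "$1/src.crt" \
        -out "$1/input.pfx" -passout env:PFX_PASS
}

# STEP 1 and STEP 2 from the text; passwords are read from the environment,
# so they do not appear in the process list or in shell history.
extract_pfx() {  # $1 = pfx file, $2 = output directory
    openssl pkcs12 -in "$1" -clcerts -nokeys -out "$2/public.crt" -passin env:PFX_PASS
    openssl pkcs12 -in "$1" -nocerts -out "$2/private.key" \
        -passin env:PFX_PASS -passout env:KEY_PASS
}

# Succeeds only if the certificate's public key equals the one derived from the key file.
key_matches_cert() {  # $1 = certificate, $2 = encrypted private key
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -passin env:KEY_PASS -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

WORK=$(mktemp -d)
make_sample_pfx "$WORK"
extract_pfx "$WORK/input.pfx" "$WORK"
key_matches_cert "$WORK/public.crt" "$WORK/private.key" && echo "key matches certificate"
```

Remove the working directory when finished, since it still holds the unencrypted src.key used to build the sample.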