It’s the passwort which protects the p12 file. If you were given a ‘PIN’ for your pfx file, try that. OpenSSL calls it ‘import passwort’, because it is importing from p12 format and exporting to pem format.
Two remarks about those three commands: If you omit the `-nodes` argument in the first command, OpenSSL will ask you for another passwort to encrypt the private key, which I’d recommend if it’s an important key. The third command is only necessary, if you omitted `-nodes` in the first step, because otherwise the key already is unencrypted and has no passphrase. 1. Run the following command to export the private key: openssl pkcs12 -in certname.pfx -nocerts -out key.pem -nodes 2. Run the following command to export the certificate: openssl pkcs12 -in certname.pfx -nokeys -out cert.pem 3. Run the following command to remove the passphrase from the private key: openssl rsa -in key.pem -out server.key HTH, Matthias From: openssl-users <openssl-users-boun...@openssl.org> On Behalf Of Michael Leone Sent: Thursday, February 13, 2020 9:34 PM To: openssl-users@openssl.org Subject: How to split a pfx file into cert and key? I received a pfx file from one our techs. A pfx file is a cert and key, all in one binary file. He needs me to split it out into the cert and the key, so I can create a new request from that key, and then sign a new cert for him. (no, I don't know why he can't just create a new request. And I would revoke the old cert, except that I am unsure of the details he used in naming it, so I don't know what to revoke .. So I am stuck trying to see if I can help the guy, by creating a new request from the private key, presuming I can extract the private key ...) Anyways, I found this set of commands Extracting Certificate and Private Key Files from a .pfx File<https://wiki.cac.washington.edu/display/infra/Extracting+Certificate+and+Private+Key+Files+from+a+.pfx+File> https://wiki.cac.washington.edu/display/infra/Extracting+Certificate+and+Private+Key+Files+from+a+.pfx+File 1. Note: the *.pfx file is in PKCS#12 format and includes both the certificate and the private key. 2. Run the following command to export the private key: openssl pkcs12 -in certname.pfx -nocerts -out key.pem -nodes 3. Run the following command to export the certificate: openssl pkcs12 -in certname.pfx -nokeys -out cert.pem 4. Run the following command to remove the passphrase from the private key: openssl rsa -in key.pem -out server.key But I'm asked for an "Import password" .. $ sudo openssl pkcs12 -in requests/DCTRNPS001_cert.pfx -nocerts -out DCTRNPS001_key.pem -nodes Enter Import Password: And I have no idea what an "import" password is. It's not the password for the private key, so I don't know what it is. Pointers, anyone? -- Mike. Leone, <mailto:tur...@mike-leone.com<mailto:tur...@mike-leone.com>> PGP Fingerprint: 0AA8 DC47 CB63 AE3F C739 6BF9 9AB4 1EF6 5AA5 BCDF Photo Gallery: <http://www.flickr.com/photos/mikeleonephotos> This space reserved for future witticisms ...
