Certificates – Convert pfx to PEM and remove the encryption password on private key

I’ve recently ran into a few times where we had to move a certificate from Microsoft Exchange to a HAProxy load balancer. I was provided an exported key pair that had an encrypted private key (Password Protected).

We will seperate a .pfx ssl certificate to an unencrypted .key file and a .cer file

The end state is to get the private key decrypted, the public cert and the certificate chain in the .pem file to make it work with openssl/HAProxy.

Openssl installed
.pfx file (you need to know the password)
intermediate public cert (you can obatin this from your provider like Thawte)
root public cert (you can obatin this from your provider like Thawte)

Step 1
Extract the private key from the .pfx file (you need to know the password:

Step 2
Now lets decrypt the key:

Step 3
Now lets extract the public certificate:

Step 4
You also need all the public certs in the chain up to the root. I’m talking about these:
Root and Intermediate Certs

Step 5
now create a new text file (don’t use notepad) and put your public, private, intermediate public and root public together. It’s simple and should look like this:

Save the file as a .pem file.
If you want to view the cert on windows, simply rename the .pem to .cer

…This is how Ed does it 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *