I received a pfx file from one our techs. A pfx file is a cert and key, all in one binary file. He needs me to split it out into the cert and the key, so I can create a new request from that key, and then sign a new cert for him.
--
Mike. Leone, <mailto:turgon@xxxxxxxxxxxxxx>
PGP Fingerprint: 0AA8 DC47 CB63 AE3F C739 6BF9 9AB4 1EF6 5AA5 BCDF
Photo Gallery: <http://www.flickr.com/photos/mikeleonephotos>
This space reserved for future witticisms ...
(no, I don't know why he can't just create a new request. And I would revoke the old cert, except that I am unsure of the details he used in naming it, so I don't know what to revoke .. So I am stuck trying to see if I can help the guy, by creating a new request from the private key, presuming I can extract the private key ...)
Anyways, I found this set of commands
- Note: the *.pfx file is in PKCS#12 format and includes both the certificate and the private key.
- Run the following command to export the private key:
openssl pkcs12 -in certname.pfx -nocerts -out key.pem -nodes - Run the following command to export the certificate:
openssl pkcs12 -in certname.pfx -nokeys -out cert.pem - Run the following command to remove the passphrase from the private key:
openssl rsa -in key.pem -out server.key
But I'm asked for an "Import password" ..
$ sudo openssl pkcs12 -in requests/DCTRNPS001_cert.pfx -nocerts -out DCTRNPS001_key.pem -nodes
Enter Import Password:
Enter Import Password:
And I have no idea what an "import" password is. It's not the password for the private key, so I don't know what it is.
Pointers, anyone?
Mike. Leone, <mailto:turgon@xxxxxxxxxxxxxx>
PGP Fingerprint: 0AA8 DC47 CB63 AE3F C739 6BF9 9AB4 1EF6 5AA5 BCDF
Photo Gallery: <http://www.flickr.com/photos/mikeleonephotos>
This space reserved for future witticisms ...
