Convert .pfx to .pem Format

Install Git Bash for Windows

Get Both Certificate and Private Key

# -nodes is deprecated since OpenSSL 3.0. Use -noenc instead.
# -nodes -> Don't encrypt the private keys at all.
winpty openssl pkcs12 \
    -in cert.pfx -nodes \
    -out cert_and_private_key.pem

Get Only Certificate

winpty openssl pkcs12 \
    -in cert.pfx -nokeys -clcerts \
    -out cert.pem

Get Only Private Key

# -nodes is deprecated since OpenSSL 3.0. Use -noenc instead.
# -nodes -> Don't encrypt the private keys at all.
winpty openssl pkcs12 \
    -in cert.pfx -nocerts -nodes \
    -out private_key_with_password.pem

# remove password from private_key_with_password.pem file
winpty openssl rsa \
    -in private_key_with_password.pem \
    -out private.key

Get CA Certificate Chain

winpty openssl pkcs12 \
    -in cert.pfx -nokeys -cacerts -chain \
    -out cacertchain.pem

Related:

  • http://www.vickram.me/create-https-localhost
  • https://stackoverflow.com/questions/15413646/converting-pfx-to-pem-using-openssl
  • https://www.openssl.org/docs/man1.1.1/man1/openssl-pkcs12.html
  • https://www.openssl.org/docs/man1.1.1/man1/openssl-rsa.html