RE: How to split a pfx file into cert and key?

2020-02-13 Thread Dr. Matthias St. Pierre

It’s the password which protects the p12 file. If you were given a ‘PIN’ for your pfx file, try that.
OpenSSL calls it ‘import password’, because it is importing from p12 format and exporting to pem format.

Two remarks about those three commands:

If you omit the `-nodes` argument in the first command, OpenSSL will ask you for another password to encrypt the private key, which I’d recommend if it’s an important key.
The third command is only necessary if you omitted `-nodes` in the first step, because otherwise the key already is unencrypted and has no passphrase.

1.  Run the following command to export the private key: openssl pkcs12 -in certname.pfx -nocerts -out key.pem -nodes
2.  Run the following command to export the certificate: openssl pkcs12 -in certname.pfx -nokeys -out cert.pem
3.  Run the following command to remove the passphrase from the private key: openssl rsa -in key.pem -out server.key

HTH,
Matthias




From: openssl-users On Behalf Of Michael Leone
Sent: Thursday, February 13, 2020 9:34 PM
To: openssl-users@openssl.org
Subject: How to split a pfx file into cert and key?

I received a pfx file from one of our techs. A pfx file is a cert and key, all in 
one binary file. He needs me to split it out into the cert and the key, so I 
can create a new request from that key, and then sign a new cert for him.

(no, I don't know why he can't just create a new request. And I would revoke 
the old cert, except that I am unsure of the details he used in naming it, so I 
don't know what to revoke .. So I am stuck trying to see if I can help the guy, 
by creating a new request from the private key, presuming I can extract the 
private key ...)

Anyways, I found this set of commands

Extracting Certificate and Private Key Files from a .pfx File
https://wiki.cac.washington.edu/display/infra/Extracting+Certificate+and+Private+Key+Files+from+a+.pfx+File

1.  Note: the *.pfx file is in PKCS#12 format and includes both the certificate and the private key.
2.  Run the following command to export the private key: openssl pkcs12 -in certname.pfx -nocerts -out key.pem -nodes
3.  Run the following command to export the certificate: openssl pkcs12 -in certname.pfx -nokeys -out cert.pem
4.  Run the following command to remove the passphrase from the private key: openssl rsa -in key.pem -out server.key

But I'm asked for an "Import password" ..

$ sudo openssl pkcs12 -in requests/DCTRNPS001_cert.pfx -nocerts -out DCTRNPS001_key.pem -nodes
Enter Import Password:

And I have no idea what an "import" password is. It's not the password for the 
private key, so I don't know what it is.

Pointers, anyone?

--

Mike. Leone

PGP Fingerprint: 0AA8 DC47 CB63 AE3F C739 6BF9 9AB4 1EF6 5AA5 BCDF

This space reserved for future witticisms ...
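
The split described in the reply above, as an added example that is not part of the original thread: it keeps the extracted key encrypted (no `-nodes`), checks that the key and certificate belong together, and creates the new request from that key. The function names, file names and the PFX_PASS / KEY_PASS environment variables are assumptions made for this example.

```shell
#!/bin/sh
# Added example; function names, file names and env var names are assumptions.
# PFX_PASS = the PKCS#12 "import password"; KEY_PASS = passphrase that will
# protect the extracted key. Both come from the environment, not from argv.

# split_pfx PFX OUTDIR -> OUTDIR/key.pem (encrypted) and OUTDIR/cert.pem
split_pfx() (
    umask 077                      # key file readable by its owner only
    mkdir -p "$2" &&
    # No -nodes: the key is re-encrypted on export with KEY_PASS.
    openssl pkcs12 -in "$1" -nocerts -passin env:PFX_PASS \
        -passout env:KEY_PASS -out "$2/key.pem" &&
    # -clcerts keeps only the certificate that belongs to the key.
    openssl pkcs12 -in "$1" -nokeys -clcerts -passin env:PFX_PASS \
        -out "$2/cert.pem"
)

# key_matches_cert KEY CERT: true only if both hold the same public key.
key_matches_cert() {
    kpub=$(openssl pkey -in "$1" -passin env:KEY_PASS -pubout) || return 1
    cpub=$(openssl x509 -in "$2" -noout -pubkey) || return 1
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# new_csr KEY SUBJECT OUT: new request from the existing key.
new_csr() {
    openssl req -new -key "$1" -passin env:KEY_PASS -subj "$2" -out "$3"
}

# Usage: PFX_PASS=... KEY_PASS=... sh split_pfx.sh certname.pfx outdir
if [ "$#" -eq 2 ]; then
    split_pfx "$1" "$2" && key_matches_cert "$2/key.pem" "$2/cert.pem" &&
        echo "key and certificate match"
fi
```

Passing the passwords with `env:` keeps them out of the process list and the shell history, which `pass:` on the command line would not.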


How to split a pfx file into cert and key?

2020-02-13 Thread Michael Leone
I received a pfx file from one of our techs. A pfx file is a cert and key, all
in one binary file. He needs me to split it out into the cert and the key,
so I can create a new request from that key, and then sign a new cert for
him.

(no, I don't know why he can't just create a new request. And I would
revoke the old cert, except that I am unsure of the details he used in
naming it, so I don't know what to revoke .. So I am stuck trying to see if
I can help the guy, by creating a new request from the private key,
presuming I can extract the private key ...)

Anyways, I found this set of commands

Extracting Certificate and Private Key Files from a .pfx File

https://wiki.cac.washington.edu/display/infra/Extracting+Certificate+and+Private+Key+Files+from+a+.pfx+File



   1. Note: the *.pfx file is in PKCS#12 format and includes both the
   certificate and the private key.
   2. Run the following command to export the private key: openssl pkcs12
   -in certname.pfx -nocerts -out key.pem -nodes
   3. Run the following command to export the certificate: openssl pkcs12
   -in certname.pfx -nokeys -out cert.pem
   4. Run the following command to remove the passphrase from the private
   key: openssl rsa -in key.pem -out server.key


But I'm asked for an "Import password" ..

$ sudo openssl pkcs12 -in requests/DCTRNPS001_cert.pfx -nocerts -out DCTRNPS001_key.pem -nodes
Enter Import Password:

And I have no idea what an "import" password is. It's not the password for
the private key, so I don't know what it is.

Pointers, anyone?

-- 

Mike. Leone

PGP Fingerprint: 0AA8 DC47 CB63 AE3F C739 6BF9 9AB4 1EF6 5AA5 BCDF

This space reserved for future witticisms ...