Extract CRT and KEY Files from a PFX Certificate
Learn how to extract .crt and .key files from a .pfx certificate using OpenSSL.
A .pfx (PKCS#12) file contains your public certificate, private key, and intermediate certificates bundled together.
This guide explains how to extract the certificate (.crt) and private key (.key) using a simple Bash script with OpenSSL.
Prerequisites
Before you begin:
A valid
.pfxfile provided by the customer.The password for the
.pfxfile.OpenSSL installed on your local machine.
(Optional) Rename the file for clarity using this format:
domain.pfx— for example:medianova_com.pfx.
Create the Extraction Script
Create a new Bash script file named extract-cert.sh and copy the following commands:
#!/bin/bash
# Usage: ./extract-cert.sh <pfx-password>
# 1. Extract encrypted private key
openssl pkcs12 -in domain.pfx -nocerts -out encrypted-domain.key -passin pass:$1 -passout pass:$1
# 2. Decrypt the private key
openssl rsa -in encrypted-domain.key -out domain.key -passin pass:$1
# 3. Extract public certificate
openssl pkcs12 -in domain.pfx -clcerts -nokeys -out domain.crt -passin pass:$1
# 4. Verify that the certificate and key match
first=$(openssl x509 -in domain.crt -modulus -noout | openssl md5)
second=$(openssl rsa -in domain.key -modulus -noout | openssl md5)
if [[ "$first" == "$second" ]]; then
echo "✅ Certificate and Key match."
else
echo "❌ Mismatch between certificate and key."
fiSave and close the file.
This procedure automates the extraction of certificate and key files from .pfx bundles.
You can now use the generated .crt and .key files to upload your own SSL certificate in the Medianova Control Panel.
Last updated
Was this helpful?