17.3.3.2. Procedure – Converting certificates using OpenSSL

Purpose: 

To convert a certificate and its private key into PKCS12 format (for example, from .pfx) using the OpenSSL software package, complete the following steps.

Steps: 

  1. Convert the .pfx file into PEM format. Issue the following command in a terminal console: openssl pkcs12 -in <certificate>.pfx -out <certificate>.pem -nodes

  2. Open the <certificate>.pem file in a text editor, and copy the certificate and the private key into two separate files, for example, <mycertificate>.pem and <mycertificate>.key.

  3. Convert the certificate and the private key into PKCS12 format. Issue the following command: openssl pkcs12 -export -out <mycertificate>.p12 -inkey <mycertificate>.key -in <mycertificate>.pem

  4. If the original .pfx certificate was imported into a certificate store, remove it and import the new certificate file (that is, <mycertificate>.p12). Importing certificates is described in Procedure 17.3.3.1, Certificates and Audit Player.