E.3.3.2. Procedure – Converting certificates using OpenSSL


To convert a certificate and its private key into PKCS12 format (for example, from .pfx) using the OpenSSL software package, complete the following steps.


  1. Convert the .pfx file into PEM format. Issue the following command in a terminal console: openssl pkcs12 -in <certificate>.pfx -out <certificate>.pem -nodes

  2. Open the <certificate>.pem file in a text editor, and copy the certificate and the private key into two separate files, for example, <mycertificate>.pem and <mycertificate>.key.

  3. Convert the certificate and the private key into PKCS12 format. Issue the following command: openssl pkcs12 -export -out <mycertificate>.p12 -inkey <mycertificate>.key -in <mycertificate>.pem

  4. If the original .pfx certificate was imported into a certificate store, remove it and import the new certificate file (that is, <mycertificate>.p12). Importing certificates is described in Procedure E.3.3.1, Certificates and Audit Player.