Export private key and certificate from IIS Pfx

source: https://www.mysysadmintips.com/windows/servers/62-export-private-key-and-certificate-from-iis-pfx-file


manager certificate
View detail
Copy password


copy pfx file at : C:\ProgramData\win-acme\acme-v02.api.letsencrypt.org\Certificates

pkcs12 -in "C:\1.pfx" -out "C:\cert.pem"

Enter PEM pass phrase:1234

rsa -in "C:\cert.pem" -out "C:\Key.key"


if you need to move or copy a certificate from Windows IIS6 to Linux Apache server (or other device requiring .key and .crt formats) perform following steps:

1. Export IIS6 certificate into into .pfx format
On Windows Server machine
Start > Run MMC
File > Add/Remove Snap-in
Add > Certificates > Add > Computer Account > Local Computer
Navigate to Certificates > Personal > Certificates
Right click your certificate > All Tasks > Export
Yes, export private key
Personal Information Exchange (.pfx) - clear all checkboxes
leave password blank
Choose where to save file


2 . Extract private key and certificate file
You need OpenSSL to extract private key and certificate from .pfx
If you have Linux web server in place you should already have openssl there.
Alternatively you can download and install Windows version. For more info and latest versions check here
If you installed Windows version run openssl.exe from C:\OpenSSL-Win32\bin
In Linux version just type openssl in terminal

in OpenSSL
Export private key and certificate:
pkcs12 -in "C:\your\path\filename.pfx" -out "C:\your\path\cert.pem"
Enter Import Password: leave blank
Enter PEM pass phrase: 1234 (or anything else)

Created cert.pem file will have encrypted private key and all certificates (identity, root, intermediate) in a plain text.
To extract certificates or encrypted private key just open cert.pem in a text editor and copy required parts to a new .crt or .key file. If formatting doesn't look right in Windows notepad use Notepad++ or similar text editor.

If you need private key in not encrypted format you can extract it from cert.pem removing encryption:
rsa -in "C:\your\path\cert.pem" -out "C:\your\path\PrivateKey.key"
Enter pass phrase (1234 or somethinkg else you set previously) to remove encryption.

Leave a comment