Skip to content

Instantly share code, notes, and snippets.

@datvm

datvm/Create unencrypted CRT and KEY from PFX.MD

Created March 4, 2019 10:30
Show Gist options
  • Save datvm/4de10d7e8f034f62742a4b7effe32bb3 to your computer and use it in GitHub Desktop.
Save datvm/4de10d7e8f034f62742a4b7effe32bb3 to your computer and use it in GitHub Desktop.
Download ZIP
Create (no password/unencrypted) CRT and KEY certificates from PFX
Raw
Create unencrypted CRT and KEY from PFX.MD

Sometimes you may need an unencrypted pair for your certificate (in my case, I need it for Docker Registry).

You can use OpenSSL to generate one. You will need:

  • OpenSSL (if you use Windows, you can get OpenSSL for Windows)
  • A certificate in PFX format inputfile.pfx (you can convert from other formats using OpenSSL too). You will of course need its password. It is useless if you do not have it, just throw that file away.

Create (encrypted) key file:

First, you need to create a key file using the following command:

openssl pkcs12 -in [inputfile.pfx] -nocerts -out [output-key-with-pw.key]

You will be prompted the password of inputfile.pfx and then a protection password for the output-key-with-pw.key file twice.

Create public key file

Use the following command to create output.crt file:

openssl pkcs12 -in [inputfile.pfx] -clcerts -nokeys -out [output.crt]

You will be asked for the password of inputfile.pfx, but this file requires no encryption.

Remove password/encryption from key file

Remember your output-key-with-pw.key is protected with password? Some program (Docker Registry) does not support it. You can create an unencrypted one, but BE VERY CAREFUL WITH THAT FILE. Don't let that file out.

openssl rsa -in [output-key-with-pw.key] -out [output-key.key]

You will be asked for the password of output-key-with-pw.key (the one you entered twice when creating it).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment