Convert .pfx to .pem Format

by Vickram Ravichandran

The winpty command requires Git Bash for Windows

Related:

Using HTTPS localhost for Development

Client Certificate

winpty openssl pkcs12 -in mycert.pfx -nokeys -clcerts \
    -out mycert.pem

CA Certificate Chain

winpty openssl pkcs12 -in mycert.pfx -nokeys -cacerts -chain \
    -out mycertchain.pem

Private Key

# -nodes is deprecated since OpenSSL 3.0. Use -noenc instead.
winpty openssl pkcs12 -in mycert.pfx -nocerts -nodes \
    -out private_key_with_password.pem

# remove password from private_key_with_password.pem file
winpty openssl rsa -in private_key_with_password.pem \
    -out private.key

Combine into one PEM file

cat mycert.pem mycertchain.pem private.key > certs_and_key.pem

Related:

https://stackoverflow.com/questions/15413646/converting-pfx-to-pem-using-openssl

https://www.openssl.org/docs/man1.1.1/man1/openssl-pkcs12.html

https://www.openssl.org/docs/man1.1.1/man1/openssl-rsa.html

pfx-to-pempfx-to-crtpfx-to-private-keyssltls