KB Article #181359

How Can I Extract the Certificate and Private Key Files from a .pfx File?

Question

I want to import a certificate for “OCSP/SCVP Response Signing” and have a .pfx file, but VA requests the key and certificate separately. How can I extract the certificate and private key files from the .pfx file?


Answer

The following steps describe how to export a certificate and private key from a single .pfx file.

  1. Take the file you exported (e.g. certname.pfx) and copy it to a system where OpenSSL is installed (e.g. VA server).
    Note: the *.pfx file is in PKCS#12 format and includes both the certificate and the private key.

  2. Run the following command to export the private key:

    openssl pkcs12 -in certname.pfx -nocerts -out key.pem -nodes

  3. Run the following command to export the certificate:

    openssl pkcs12 -in certname.pfx -nokeys -out cert.pem

  4. Run the following command to remove the passphrase from the private key:

    openssl rsa -in key.pem -out server.key
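
The steps above combined into one script, added here as an example (it is not part of the original KB article). It reads the .pfx password from an environment variable instead of prompting, keeps the extracted files owner-readable only, and checks that the extracted key belongs to the extracted certificate. The function names, the PFX_PASS variable and the throwaway self-signed test certificate are assumptions made for this example.

```shell
#!/bin/sh
# Added example: run the article's three openssl commands, then verify the result.
umask 077   # files created below (including the private key) are owner-only

# split_pfx PFX OUTDIR: writes key.pem, cert.pem and server.key into OUTDIR.
# The PFX password is taken from $PFX_PASS so it never appears in the process list.
split_pfx() {
    openssl pkcs12 -in "$1" -nocerts -out "$2/key.pem" -nodes -passin env:PFX_PASS || return 1
    openssl pkcs12 -in "$1" -nokeys -out "$2/cert.pem" -passin env:PFX_PASS || return 1
    openssl rsa -in "$2/key.pem" -out "$2/server.key" || return 1
}

# key_matches_cert KEY CERT: succeeds only if both carry the same public key.
key_matches_cert() {
    kpub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# make_sample_pfx DIR: builds a constructed, self-signed certname.pfx for testing.
make_sample_pfx() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-response-signer" \
        -keyout "$1/src.key" -out "$1/src.crt" 2>/dev/null || return 1
    openssl pkcs12 -export -inkey "$1/src.key" -in "$1/src.crt" \
        -name sample -out "$1/certname.pfx" -passout env:PFX_PASS
}

# Demo on constructed data only; replace with the real .pfx and password in use.
tmp=$(mktemp -d) && export PFX_PASS=constructed-pass
if make_sample_pfx "$tmp" && split_pfx "$tmp/certname.pfx" "$tmp" 2>/dev/null &&
   key_matches_cert "$tmp/server.key" "$tmp/cert.pem"; then
    echo "server.key matches cert.pem"
else
    echo "extraction or key/certificate check failed" >&2
fi
rm -rf "$tmp"
```

Both key.pem (written with -nodes) and server.key hold the private key unencrypted, so delete whichever copy is not needed once the import is done.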