Introduction
PFX (Personal Information Exchange) and PEM (Privacy Enhanced Mail) files are two different formats that store public and private key data as well as SSL/TLS certificates.
The first one (PFX) is often used in Windows operating systems, while the second one (PEM) can be found in Unix/Linux.
PFX File
PFX is used to store private keys, certificates and other security information in one file. This file is specified by the PKCS #12 standard. Common extensions for PKCS #12 are *.pfx or *.p12.
This file is usually password protected.
PEM File
PEM is used to encode binary data such as public keys, private keys and certificates into a readable text form similar to the following:
-----BEGIN CERTIFICATE-----
<BASE64 DATA>
-----END CERTIFICATE-----
This format is widely used in the context of X.509 certificates, as well as public and private keys.
Conversion
Option #1: PFX -> PEM (certificate+private key)
To obtain the private key without password protection (the -nodes option writes it to the output file unencrypted), execute the command:
openssl pkcs12 -in myPfx.pfx -nocerts -out privKey.pem -nodes
To obtain the certificate:
openssl pkcs12 -in myPfx.pfx -clcerts -nokeys -out cert.pem
Both files have the .pem extension, and their content can be viewed in any text editor.
Option #2: PFX -> PEM (single file)
To obtain only one PEM file that will contain both the certificate and the private key, execute the command:
openssl pkcs12 -in myPfx.pfx -out convertedCerts.pem -nodes
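The following script is an added example, not part of the original article: it inspects a combined PEM file such as convertedCerts.pem, reports whether the private key in it is unencrypted, and splits it into separate key and certificate files that only the owner can read. The function names, the output file names and the sample data are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example (not from the original article): inspect and split the
# combined PEM file written by `openssl pkcs12 ... -nodes`.

# Constructed sample shaped like convertedCerts.pem; Base64 is a placeholder.
make_sample() {
    cat > "$1" <<'EOF'
Bag Attributes
    localKeyID: 01 00 00 00
-----BEGIN PRIVATE KEY-----
UExBQ0VIT0xERVIta2V5
-----END PRIVATE KEY-----
Bag Attributes
    localKeyID: 01 00 00 00
-----BEGIN CERTIFICATE-----
UExBQ0VIT0xERVItY2VydA==
-----END CERTIFICATE-----
EOF
}

# Print the label of every PEM block, one per line.
pem_labels() {
    awk '/^-----BEGIN / { sub(/^-----BEGIN /, ""); sub(/-----.*$/, ""); print }' "$1"
}

# Succeed if the file holds a private key that is NOT password protected.
# Encrypted keys are labelled "ENCRYPTED PRIVATE KEY" (PKCS #8) or carry a
# "Proc-Type: 4,ENCRYPTED" header (traditional format).
pem_has_plain_key() {
    awk '/^-----BEGIN .*PRIVATE KEY-----/ { inkey = 1; plain = ($0 !~ /ENCRYPTED/); next }
         inkey && /^Proc-Type: 4,ENCRYPTED/ { plain = 0 }
         /^-----END / { if (inkey && plain) found = 1; inkey = 0 }
         END { exit !found }' "$1"
}

# Split into <prefix>.key.pem and <prefix>.cert.pem without the attribute
# text. umask 077 creates both files readable by the owner only.
pem_split() {
    (
        umask 077
        rm -f "$2.key.pem" "$2.cert.pem"
        awk -v key="$2.key.pem" -v cert="$2.cert.pem" '
            /^-----BEGIN / { out = ($0 ~ /PRIVATE KEY/) ? key : cert }
            out != ""      { print > out }
            /^-----END /   { out = "" }' "$1"
    )
}
```

Because -nodes leaves the key unencrypted, pem_has_plain_key succeeds on a file produced by the Option #2 command, which is the cue to keep that file and anything split from it out of shared or world-readable locations.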
Sample content of a PEM file looks like this:
Good luck!