Create a self-signed certificate on Windows server
Create a self-signed certificate on Windows server

In this post, you will find below some useful usage of the OpenSSL tool. This commands can be used on both Linux and Windows environment.

For the Windows OS, I have choosen to use the pre-compiled packages at conan.io (version 1.1.1d). Other downloads/versions are available here.

____________

Extract the public key

Extract the public key from a PFX (PKCS12) file. Here the option -clcerts is used to only output client certificates (not CA certificates).

openssl pkcs12 -in yourfile.pfx -clcerts -nokeys -out yourfile.pem

____________

Extract the private key
  • Extract the private key from a PFX (PKCS12) file. With this method, the openssl tool will ask you first the password of the PFX file. Then, a second password will be asked to protect/encrypt the private key. You can choose at this step the password of your choice
openssl pkcs12 -in yourfile.pfx -nocerts -out yourfile.key

____________

Remove or change the private key password
  • Remove the private key password. First, enter the current private key password. Then, just it enter when OpenSSL tool asks for a password. This method can also be used to change the private key password by a new one.
openssl rsa -in yourfile.key -out yourfile_without_pwd.key
OpenSSL useful commands

Leave a Reply

Your email address will not be published.