Converting .pfx to a .crt/.key files

This article will walk a user through the process of converting a .pfx file to a .crt and .key file so that the SSL certificate can be uploaded into the StackPath control panel.

A .pfx file is a PKCS#12 archive: a file that can contain a lot of objects with optional password protection; but, usually, a PKCS#12 archive has  a certificate (possibly with its assorted set of CA certificates) attached to it  and the corresponding private key.

Thats how .crt or .cer files differ from .pfx files – they contain a single certificate file, without any keys attached.

The StackPath portal requires that you upload the certificate and key in their separate corresponding fields and this is how you can extract them from your .pfx file.

Navigate to the terminal of your operating system and execute the following commands to extract the files:

Certificate:

{code}

openssl pkcs12 -in [yourfile.pfx] -clcerts -nokeys -out [certificate.crt]

{code}

Key:

{code}

openssl rsa -in [keyfile-encrypted.key] -out [keyfile-decrypted.key]

{code}

These two commands will generate two separate files which you can later use in your Stackpath SSL configuration.