Howto convert a pfx-PKCS12-Certificate into PEM/DER-Format with RSA-Key


Sometimes you need for encrypting reasons a DER-formated certificate with a rsa-formated key. Use openssl and read more here.


  • Computer with openssl on it


From windows you can only export keyfiles in pkcs12-format (.pfx-file-extension). You need pem-Files (base64 coded) and the private key must be converted into RSA.


Use openssl.

  • openssl pkcs12 -in pkcs12certificate.pfx -out derformattedkey.pem
  • alternative you can export also only the certificate (without the private key in it) with the following command:
    • openssl pkcs12 -in pkcs12certificate.pfx -out derformattedcert.pem -nokeys
  • convert the private-key into rsa:
    • openssl rsa -in derformattedkey.pem -out rsaformattedkey.key

Now you have a DER-codes certificate named derformattedcert.pem and a matching key-file which is rsa converted and called rsaformattedkey.key


Much fun.

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert.