Extract the certificate and key from a PKCS#12 file

November 02, 2012

Normally we send out the BioID Web Service client certificate and private key as a PKCS#12 file. On Microsoft Windows this file (with the file extension .pfx, for Personal Information Exchange) can be used to import the certificate and private key into the certificate store.

The certificate and private key can be extracted with OpenSSL, e.g. if the BWS client certificate and key are used on systems other than Microsoft Windows. The first command extracts the private key from the PFX file and the second command the certificate.

The private key will be secured with a passphrase, so the first command asks first for the import passphrase of the PKCS#12 file and then twice for the passphrase for the extracted private key.

openssl pkcs12 -in ClientCert.pfx -nocerts -out ClientCert.key

The second command for extracting the certificate just asks for the import passphrase of the PFX file once.

openssl pkcs12 -in ClientCert.pfx -clcerts -nokeys -out ClientCert.pem
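
The two commands above in non-interactive form, followed by a check that the extracted key and certificate belong together (an added example, not part of the original post). The variable names PFX_PASS and KEY_PASS, the function names and the throwaway demo PFX are assumptions made for this example.

```shell
#!/bin/sh
# Added example: scripted form of the two extraction commands plus a
# key/certificate consistency check.
# Assumed (not from the page): PFX_PASS holds the import passphrase,
# KEY_PASS the passphrase for the extracted private key.

# extract_pfx PFX OUTDIR: writes OUTDIR/ClientCert.key and OUTDIR/ClientCert.pem
extract_pfx() (
    umask 077    # files created here are readable by the owner only
    # env: keeps the passphrases out of the argument list that `ps` shows
    openssl pkcs12 -in "$1" -nocerts -out "$2/ClientCert.key" \
        -passin env:PFX_PASS -passout env:KEY_PASS &&
    openssl pkcs12 -in "$1" -clcerts -nokeys -out "$2/ClientCert.pem" \
        -passin env:PFX_PASS
)

# key_matches_cert KEY CERT: succeeds only if both carry the same public key
key_matches_cert() (
    key_pub=$(openssl pkey -in "$1" -passin env:KEY_PASS -pubout) || exit 1
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey) || exit 1
    [ "$key_pub" = "$cert_pub" ]
)

# make_demo_pfx OUTDIR: constructed throwaway PFX (self-signed, valid one day)
# so the functions above can be tried without a real client certificate
make_demo_pfx() (
    umask 077
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-client" \
        -keyout "$1/demo.key" -out "$1/demo.crt" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/demo.key" -in "$1/demo.crt" \
        -out "$1/ClientCert.pfx" -passout env:PFX_PASS
)
```

With PFX_PASS and KEY_PASS exported, run `extract_pfx ClientCert.pfx .` and then `key_matches_cert ClientCert.key ClientCert.pem`; a non-zero exit status from the second call means the key and certificate do not belong together.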