Create (no password/unencrypted) CRT and KEY certificates from PFX

Sometimes you may need an unencrypted pair for your certificate (in my case, I need it for Docker Registry).

You can use OpenSSL to generate one. You will need:

  • OpenSSL (if you use Windows, you can get OpenSSL for Windows)
  • A certificate in PFX format, inputfile.pfx (you can convert from other formats using OpenSSL too). You will of course need its password. Without the password the file is useless, so just throw it away.

Create (encrypted) key file:

First, you need to create a key file using the following command:

openssl pkcs12 -in [inputfile.pfx] -nocerts -out [output-key-with-pw.key]

You will be prompted for the password of inputfile.pfx, and then twice for a protection password for the output-key-with-pw.key file.

Create public key file

Use the following command to create output.crt file:

openssl pkcs12 -in [inputfile.pfx] -clcerts -nokeys -out [output.crt]

You will be asked for the password of inputfile.pfx. The output file itself needs no encryption, because -nokeys leaves the private key out of it.

Remove password/encryption from key file

Remember that your output-key-with-pw.key is protected with a password? Some programs (Docker Registry) do not support that. You can create an unencrypted one, but BE VERY CAREFUL WITH THAT FILE. Don't let that file out.

openssl rsa -in [output-key-with-pw.key] -out [output-key.key]

You will be asked for the password of output-key-with-pw.key (the one you entered twice when creating it).
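
The three steps above as one non-interactive shell function, added here as an example (it is not part of the original gist). It keeps every key-bearing file owner-only, deletes the intermediate encrypted key, and checks that the certificate and key belong together. Assumptions: an RSA key, the PFX password in an exported environment variable named PFX_PASS, and the function name pfx_to_pem, both names chosen for this example.

```shell
#!/bin/sh
# Added example, not from the original gist.
# Usage: PFX_PASS=... ; export PFX_PASS ; pfx_to_pem inputfile.pfx outdir
# PFX_PASS and pfx_to_pem are names assumed for this example.
pfx_to_pem() (
    pfx=$1; outdir=$2
    umask 077                      # files created below are owner read/write only
    mkdir -p "$outdir" || exit 1
    crt=$outdir/output.crt
    key=$outdir/output-key.key
    enc=$outdir/output-key-with-pw.key
    # On any error, remove both key files so no partial key material remains.
    fail() { echo "pfx_to_pem: $1" >&2; rm -f "$enc" "$key"; exit 1; }

    # Throwaway passphrase protecting the intermediate key file.
    STEP_PASS=$(openssl rand -hex 16) || fail "cannot generate passphrase"
    export STEP_PASS

    # Step 1: encrypted key file.
    openssl pkcs12 -in "$pfx" -nocerts -passin env:PFX_PASS \
        -passout env:STEP_PASS -out "$enc" || fail "cannot read key from PFX"
    # Step 2: certificate only, no key.
    openssl pkcs12 -in "$pfx" -clcerts -nokeys -passin env:PFX_PASS \
        -out "$crt" || fail "cannot read certificate from PFX"
    # Step 3: remove the passphrase, then drop the intermediate file.
    openssl rsa -in "$enc" -passin env:STEP_PASS -out "$key" 2>/dev/null \
        || fail "cannot decrypt key"
    rm -f "$enc"

    # The certificate and the key must carry the same public key.
    cert_pub=$(openssl x509 -in "$crt" -noout -pubkey) || fail "bad certificate"
    key_pub=$(openssl rsa -in "$key" -pubout 2>/dev/null) || fail "bad key"
    [ "$cert_pub" = "$key_pub" ] || fail "certificate and key do not match"
    chmod 600 "$key"
)
```

For a key that is not RSA, `openssl pkey` accepts the same -in, -out, -passin and -pubout options used with `openssl rsa` here.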
