Sometimes you may need an unencrypted pair for your certificate (in my case, I need it for Docker Registry).
You can use OpenSSL to generate one. You will need:
- OpenSSL (if you use Windows, you can get OpenSSL for Windows)
- A certificate in PFX format
inputfile.pfx(you can convert from other formats using OpenSSL too). You will of course need its password. It is useless if you do not have it, just throw that file away.
First, you need to create a key file using the following command:
openssl pkcs12 -in [inputfile.pfx] -nocerts -out [output-key-with-pw.key]
You will be prompted the password of inputfile.pfx and then a protection password for the output-key-with-pw.key file twice.
Use the following command to create output.crt file:
openssl pkcs12 -in [inputfile.pfx] -clcerts -nokeys -out [output.crt]
You will be asked for the password of inputfile.pfx, but this file requires no encryption.
Remember your output-key-with-pw.key is protected with password? Some program (Docker Registry) does not support it. You can create an unencrypted one, but BE VERY CAREFUL WITH THAT FILE. Don't let that file out.
openssl rsa -in [output-key-with-pw.key] -out [output-key.key]
You will be asked for the password of output-key-with-pw.key (the one you entered twice when creating it).