Extracting a Private Key from a Certificate
Splitting a Certificate File
We recently has an issue where I was required to upload a certificate to a F5 Big-IP. Now most of admins probably already figured out that some systems such as ADC’s or load balances require the certificate you upload to come in to parts. Part 1 is the certificate file itself so it will have an extension of .CER and part 2 is the private key with an extension of .KEY. Some certificate providers bundle the private key and certificate together, as useful as this, sometimes you have a requirement to separate the private key from the certificate file.
In order to split a certificate we will use OpenSSL for Windows, a free utility to manage and create certificates, if you don’t already have a copy of this utility,. You can download below.
Assuming your utility is located in the root of the C Drive, and the certificate you want to split is also kept within in the same folder.
Open a administrative command prompt and navigate to the folder where you have stored the OpenSSL utility, then run the following command. You will be asked to provide the password for the certificate. This will extract the Private Key.
openssl pkcs12 -in certificates.pfx -nocerts -out privatekey.key
Next we will now extract the certificate, so run the below command:
openssl pkcs12 -in certificates.pfx -clcerts -nokeys -out certificate.cer
That’s it! You now have a private key and certificate which you can utilise. If you need to use OpenSSL on Windows, I’ve attached the program to this post. Just extract the files and using a command prompt navigate to the OpenSSL directory and call openssl.exe [then your commands]
To reverse this and merge a .cer file and a .key into a PFX use the below command
OpenSSL pkcs12 –export –in certfile.cer –inkey certfile.key –out certfile.pfx
Kam is a Azure and Microsoft Modern Desktop Certified Administrator and Udemy Intructor. He is a solution architect and served clients ranging from educational, private and government establishments in the UK. Kam has worked within the IT industry for the last 7 years building his experience over a variety of products such as DirectAccess, Always On VPN, SCCM, Hyper-V and now focusing on Azure and Modern Desktop/Mobile Device Management.
