Remove Private Key Password From PKCS12 File

Posted 01/26/2018 7:49 PM by Corey Klass

Per this question on Serverfault:

If you have a PFX file that contains a certificate and private key with password, and would like to separate the certificate and private key and strip out the password, you can use these steps in OpenSSL:

  • PASSWORD is your current password
  • YourPKCSFile.PFX is the file you want to convert
  • NewPKCSWithoutPassphraseFile is the target file for the PKCS12 without passphrase

Follow the steps below:

  1. Extract the certificate: openssl pkcs12 -clcerts -nokeys -in "YourPKCSFile.PFX" -out certificate.crt -password pass:PASSWORD -passin pass:PASSWORD

  2. Extract the certificate authority key: openssl pkcs12 -cacerts -nokeys -in "YourPKCSFile.PFX" -out ca-cert.ca -password pass:PASSWORD -passin pass:PASSWORD

  3. Extract the private key: openssl pkcs12 -nocerts -in "YourPKCSFile.PFX" -out private.key -password pass:PASSWORD -passin pass:PASSWORD -passout pass:TemporaryPassword

  4. Remove the passphrase: openssl rsa -in private.key -out "NewKeyFile.key" -passin pass:TemporaryPassword

You now have three separate files without a password.