Separate SSL Certificate

Let’s say you have a certificate bundle in PKCS12 format containing the Private Key, the Public Key (Certificate signed by a CA) and the Chain, and you need to break it down into individual files for use within an application or the like. You can achieve this with the following set of commands, which assume your certificate bundle has a password (it really should, as the Private Key is in it). You’ll end up with three files.

First, put the certificate bundle password into an environment variable:

export CERTPASS="<mypasswordhere>"

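To get the Private Key (note that -nodes writes it to the output file unencrypted, so keep that file readable only by its owner):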

openssl pkcs12 \
    -in mycertfile.p12 \
    -out mycertfile-key.pem \
    -nocerts \
    -nodes \
    -passin env:CERTPASS

To get the Public Key (Certificate):

openssl pkcs12 \
    -in mycertfile.p12  \
    -out mycertfile-cert.pem \
    -clcerts \
    -nokeys \
    -passin env:CERTPASS

To get the Chain, so the CA Certificate and any Intermediate Certificates:

openssl pkcs12 \
    -in mycertfile.p12  \
    -out mycertfile-chain.pem \
    -cacerts \
    -nokeys \
    -passin env:CERTPASS

And you’re done!
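Before deploying the three files, it is worth confirming that they belong together. The script below is an added example, not part of the original post. It wraps the same three commands, creates the output files under a restrictive umask, and then checks that the private key matches the certificate and that the extracted chain validates it. The function names and the throwaway demo CA and bundle are constructed for illustration.

```shell
#!/bin/sh
# Added example: make_demo_bundle, split_bundle and verify_split are hypothetical names.

make_demo_bundle() {  # $1 = dir. Constructed test data: throwaway CA, leaf, bundle.
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=Demo CA" -days 1 \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo.example" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/leaf.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/leaf.key" -in "$1/leaf.pem" \
        -certfile "$1/ca.pem" -out "$1/mycertfile.p12" -passout env:CERTPASS
}

split_bundle() {  # $1 = bundle, $2 = output prefix; needs CERTPASS exported
    (
        umask 077  # -nodes writes the key unencrypted: create files owner-only
        openssl pkcs12 -in "$1" -out "$2-key.pem" -nocerts -nodes -passin env:CERTPASS &&
        openssl pkcs12 -in "$1" -out "$2-cert.pem" -clcerts -nokeys -passin env:CERTPASS &&
        openssl pkcs12 -in "$1" -out "$2-chain.pem" -cacerts -nokeys -passin env:CERTPASS
    ) 2>/dev/null
}

verify_split() {  # $1 = prefix. 0 = consistent, 2 = key mismatch, 3 = chain fails
    key_pub=$(openssl pkey -in "$1-key.pem" -pubout 2>/dev/null) || return 1
    cert_pub=$(openssl x509 -in "$1-cert.pem" -noout -pubkey 2>/dev/null) || return 1
    # The private key must yield the same public key the certificate carries.
    [ "$key_pub" = "$cert_pub" ] || return 2
    # The extracted chain must be enough to validate the certificate.
    openssl verify -CAfile "$1-chain.pem" "$1-cert.pem" >/dev/null 2>&1 || return 3
}
```

With CERTPASS exported, run split_bundle mycertfile.p12 mycertfile and then verify_split mycertfile; a non-zero status means the files should not be deployed as a set.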
