How-To extract .crt and .key from a .pfx certificate

In the course of setting up our Azure KeyVault, we also had to assign an appropriate certificate in the Azure App Registration. To do this, however, it was necessary to extract a .crt, .pem or .cer certificate from our existing wildcard certificate. Unfortunately i had only the .pfx file available. You can achieve this with the help of the opensource component OpenSSL using the following lines.

Certificate Handling using OpenSSL

Download and install OpenSSL

Download and install OpenSSL for your OS from one of the URLs in this Wiki page.

Extract the certificate

Open a console and navigate to the OpenSSL installation folder. Once there, go to the \bin subfolder:

Now you could edit the following line according to your .pfx-file’s destination.

openssl pkcs12 -in "mypfxfile.pfx" -clcerts -nokeys -out "mycert.crt"

If you have your .pfx in a different directory than OpenSSL, this might look like this.
OpenSSL will then ask you for your .pfx-file’s password:

Extract the private key

Open a console and navigate to the OpenSSL installation folder. Once there, go to the \bin subfolder:

openssl pkcs12 -in "mypfxfile.pfx" -nocerts -out "mycert.key"

After entering your .pfx-file’s password, you will need to enter a password to protect your key file (PEM pass phrase):

As a result, you’ll find your extracted .crt and .key in the defined directory:

Jens Fritzsche

... is a technical consultant and developer at Comsol Unternehmenslösungen AG in Kronberg/Taunus. Major tasks are the architecture and implementation of complex, usually cross-system applications in and around Microsoft Dynamics 365 Business Central.