I regularly have to convert PFX files into separate files containing the private key and the certificate, in the format below:
cert.pem : Certificate File
key.pem : Private Key
The purpose of this script is to take a PFX file that is encrypted with a password and split it into a certificate file (cert.pem) and a private key file (key.pem).
The script works from a base folder; for this example I have some directories, CertA through CertC, as you can see below:
If we start a command prompt in this SSL directory and then type in this command:
tree /F
You will then get a visual representation of the folder structure, as you can see below; we have 3 PFX files in 3 different folders:
SSL
├───CertA
│       smetrics.pfx
│
├───CertB
│       newcert.pfx
│
└───CertC
        sp.pfx
The script will then take the name of each PFX file, store it in a variable and run the OpenSSL commands on that file to create the two additional files, keeping them in the folder where the PFX file is located. The commands used are:
openssl pkcs12 -in <pfx_file> -nocerts -out key.pem -nodes
openssl pkcs12 -in <pfx_file> -nokeys -out cert.pem
The password must be the same for all the PFX files for this script to work and do its magic, as you need a password to open a PFX file; however, access to the disk they are located on is highly restricted 🚫
The script will find all the PFX files in the folders and then dynamically add the Base64 PEM certificate and key files to each folder. Let's get to the script:
# Define the base folder to start the search
$baseFolder = "C:\Quarantine\PFXtoPEMAutomation\SSL"
# Define the password for the PFX files
$pfxPassword = "R3a11yS3cu35P@ssw0rd"
# Recursively find all .pfx files in the base folder
Get-ChildItem -Path $baseFolder -Recurse -Filter *.pfx | ForEach-Object {
    $pfxFilePath = $_.FullName
    $directory = $_.DirectoryName
    # Output the file being processed
    Write-Output "Processing PFX file: $pfxFilePath"
    # Change to the directory containing the PFX file
    Push-Location -Path $directory
    # Extract the key and certificate from the PFX file
    try {
        # Extract the private key (-nodes writes it unencrypted)
        Write-Output "Extracting private key to key.pem..."
        & openssl pkcs12 -in (Split-Path -Leaf $pfxFilePath) -nocerts -out key.pem -nodes -password pass:$pfxPassword
        # A native command does not raise a PowerShell error on failure, so check its exit code
        if ($LASTEXITCODE -ne 0) { throw "openssl exited with code $LASTEXITCODE while extracting the private key" }
        Write-Output "Private key extracted successfully."
        # Extract the certificate
        Write-Output "Extracting certificate to cert.pem..."
        & openssl pkcs12 -in (Split-Path -Leaf $pfxFilePath) -nokeys -out cert.pem -password pass:$pfxPassword
        if ($LASTEXITCODE -ne 0) { throw "openssl exited with code $LASTEXITCODE while extracting the certificate" }
        Write-Output "Certificate extracted successfully."
    } catch {
        Write-Error "An error occurred while processing ${pfxFilePath}: $_"
    }
    # Return to the previous location
    Pop-Location
    # Output completion for this file
    Write-Output "Finished processing PFX file: $pfxFilePath"
    Write-Output "---------------------------------------------------"
}
When the script is run it should look like this, without any errors or failures.
Then we can confirm this has worked with the tree command again:
tree /F
That should confirm that each folder now has the cert.pem and key.pem created and added, and as you can see below it has done that as expected:
SSL
├───CertA
│       cert.pem
│       key.pem
│       smetrics.pfx
│
├───CertB
│       cert.pem
│       key.pem
│       newcert.pfx
│
└───CertC
        cert.pem
        key.pem
        sp.pfx
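The tree output only shows that the files exist. As an added verification pass (my own example, not part of the script above), the following confirms that each cert.pem really belongs to the key.pem beside it, by comparing the public key carried in the certificate with the one derived from the private key, and flags certificates that are expired or close to expiry. It assumes openssl.exe is on PATH and the same folder layout as above; the Test-PemPair function name and the optional -RestrictKeyAcl switch are my own.

```powershell
# Added verification pass (not part of the original script): for every folder that
# holds a .pfx, confirm that cert.pem and key.pem really belong together and flag
# certificates that are expired or about to expire. Assumes openssl.exe is on PATH
# and the same folder layout as the extraction script above.
$baseFolder = "C:\Quarantine\PFXtoPEMAutomation\SSL"

function Test-PemPair {
    param(
        [Parameter(Mandatory)] [string]$Directory,
        [int]$WarnDays = 30,        # flag certs expiring within this many days
        [switch]$RestrictKeyAcl     # -nodes wrote key.pem in the clear; optionally lock it down
    )
    $certPath = Join-Path $Directory "cert.pem"
    $keyPath  = Join-Path $Directory "key.pem"
    if (-not (Test-Path $certPath) -or -not (Test-Path $keyPath)) {
        return [pscustomobject]@{ Folder = $Directory; Pair = "missing cert.pem or key.pem"; Expiry = "n/a" }
    }

    # Public key embedded in the certificate (SPKI, PEM encoded) ...
    $certPub = (& openssl x509 -in $certPath -noout -pubkey) -join "`n"
    if ($LASTEXITCODE -ne 0) { return [pscustomobject]@{ Folder = $Directory; Pair = "cert.pem unreadable"; Expiry = "n/a" } }
    # ... and the public key derived from the private key. The two must be identical.
    $keyPub = (& openssl pkey -in $keyPath -pubout) -join "`n"
    if ($LASTEXITCODE -ne 0) { return [pscustomobject]@{ Folder = $Directory; Pair = "key.pem unreadable"; Expiry = "n/a" } }
    $pair = if ($certPub -eq $keyPub) { "match" } else { "MISMATCH: key does not belong to cert" }

    # -checkend exits non-zero if the certificate expires within the given number of seconds
    & openssl x509 -in $certPath -noout -checkend ($WarnDays * 86400) | Out-Null
    $expiry = if ($LASTEXITCODE -eq 0) { "ok" } else { "expires within $WarnDays days (or already expired)" }

    if ($RestrictKeyAcl) {
        # Drop inherited ACEs and leave only the current user with read access on the plaintext key
        & icacls $keyPath /inheritance:r /grant:r "$($env:USERDOMAIN)\$($env:USERNAME):(R)" | Out-Null
    }
    [pscustomobject]@{ Folder = $Directory; Pair = $pair; Expiry = $expiry }
}

# One result row per folder that contains a PFX file
Get-ChildItem -Path $baseFolder -Recurse -Filter *.pfx |
    ForEach-Object { Test-PemPair -Directory $_.DirectoryName } |
    Format-Table -AutoSize
```

Run it right after the extraction script; any row showing MISMATCH means the wrong PFX or a stale key.pem is sitting in that folder.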