Version Affected: All
Description:
How to extract a PEM file from a PFX without the Private Key
Cause:
Some Service Providers/Applications require a PEM file to be uploaded for services such as SAML Signature verification. This Article provides the steps to follow to acquire the PEM file from the PFX file.
Resolution:
- Export the PFX file as directed by this Article - https://support.secureauth.com/hc/en-us/articles/34685205970708-How-to-correctly-export-a-PFX
- Download OpenSSL from the following link - https://openssl-library.org/source/
There are standalone installers for Windows installations (as an example - https://slproweb.com/products.html) but these should be used carefully and are used at your own risk
- Once the PFX has been exported and OpenSSL has been installed, open the OpenSSL Command Prompt and browse to the location of the exported PFX file
- Type the following command, replacing %certificate_name% with the actual name of the Certificate:
openssl pkcs12 -in %certificate_name%.pfx -clcerts -nokeys -out %certificate_name%.pem
As an example:
openssl pkcs12 -in SecureAuth_Certificate.pfx -clcerts -nokeys -out SecureAuth_Certificate.pem
- You will be asked to enter the Password used when the PFX was exported; enter it and press Enter
- This will output the required PEM file
- To ensure the PEM file was extracted correctly, open the PEM file with a Text Editor to display the details (see below for an example)
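The same check can be scripted before the file is uploaded. The following is an added example, not part of the original article or any SecureAuth tooling: it confirms that the exported text contains a CERTIFICATE block and no private key block. The function name `inspect_pem` and the sample data are assumptions made for illustration.

```python
import base64
import re
import sys

# One PEM block; the BEGIN and END labels must be identical.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)


def inspect_pem(text):
    """Return (ok, labels, problems) for the text of an exported PEM file."""
    labels, problems = [], []
    for label, body in PEM_BLOCK.findall(text):
        labels.append(label)
        try:
            base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            problems.append(f"{label}: body is not valid base64")
        # Covers PRIVATE KEY, RSA PRIVATE KEY and ENCRYPTED PRIVATE KEY.
        if "PRIVATE KEY" in label:
            problems.append(f"{label}: private key present, do not upload")
    # A BEGIN line without a matching END means a truncated or edited file.
    if text.count("-----BEGIN ") != len(labels):
        problems.append("unterminated or malformed PEM block")
    if "CERTIFICATE" not in labels:
        problems.append("no CERTIFICATE block found")
    return (not problems, labels, problems)


def _block(label, payload):
    b64 = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"


# Constructed samples: the payloads are placeholder bytes, not real DER data.
SAMPLE_NOKEYS = ("Bag Attributes\n    friendlyName: constructed-example\n"
                 + _block("CERTIFICATE", b"placeholder certificate bytes"))
SAMPLE_WITH_KEY = SAMPLE_NOKEYS + _block("ENCRYPTED PRIVATE KEY",
                                         b"placeholder key bytes")

if __name__ == "__main__":
    # Pass the path of the exported .pem file; without one, use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            data = fh.read()
    else:
        data = SAMPLE_NOKEYS
    ok, labels, problems = inspect_pem(data)
    print(labels, "OK" if ok else problems)
```

This checks the structure of the file only; it does not confirm that the certificate is the one the Service Provider expects.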
Special Considerations (optional as needed):
Do not leave PFX files in unsecured locations. Once they are ingested into a Certificate Store (recommended to ensure the Private Key is exportable), we recommend they are deleted from the file structure as soon as you no longer require them in that location.
SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.
Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.