1. Generate Pfx From Crt
2. Exporting Private Key From Pfx

This guide will show you how to convert a .pfx certificate file into its separate public certificate and private key files. This can be useful if you want to export a certificate (in the pfx format) from a Windows server, and load it into Apache or Nginx for example, which requires a separate public certificate and private key file.
In the examples below, the following files will be used:
domain.name.pfx – This will be the PFX file containing the public certificate and private key.
domain.name.crt – This is the public certificate file outputted by OpenSSL.
domain.name.key – This is the private encryption key for the above certificate outputted by OpenSSL.
Extracting the public certificate from the pfx file

Generate Pfx From Crt

A.pfx file is a PKCS#12 archive: a file that can contain a lot of objects with optional password protection; but, usually, a PKCS#12 archive has a certificate (possibly with its assorted set of CA certificates) attached to it and the corresponding private key. All SSL Certificates require a private key to work. The private key is a separate file that’s used in the encryption/decryption of data sent between your server and the connecting clients. A private key is created by you—the certificate owner—when you request your certificate with a Certificate Signing Request (CSR).

Enter in the password for the PFX file when asked. You cant export the certificate or key if you don’t have this password.
You will now have the public certificate file (eg: domain.name.crt).
Extracting the private key from the pfx file

Enter in the password for the PFX file when asked. You cant export the certificate or key if you don’t have this password.
You will now have the private key file (eg: domain.name.key).

Applicable Products

• NetScaler

Exporting Private Key From Pfx

Instructions

Note: First you will need a linux based operating system that supports openssl command to run the following commands.

1. Extract the key-pair
   #openssl pkcs12 -in sample.pfx -nocerts -nodes -out sample.key

2. Get the Private Key from the key-pair
   #openssl rsa -in sample.key -out sample_private.key

3. Get the Public Key from key pair
   #openssl rsa -in sample.key -pubout -out sample_public.key

   Jul 14, 2017  Here, click on button ‘ Create New Access Key ‘. Once clicked your access key pair will be generated automatically. Each access key pair consist of  access key ID and secret access key. Access key ID will be visible to you in your account all the time (like you can see it in above screenshot). Oct 15, 2018  AWS will tell you it’s best practice to rotate keys “on a regular schedule.” And then the AWS Security Team wrote up a long blog post about how to rotate your keys. Other cloud compliance vendors will tell you to rotate keys every 90 days. An access key grants programmatic access to your resources. This means that the access key should be guarded as carefully as the AWS account root user sign-in credentials. It's a best practice to do the following: Create an IAM user and then define that user's permissions as narrowly as possible. Create the access key under that IAM user. Automatically generate aws key everyday. If your goal is to generate IAM access keys for a new user, login to the AWS console, go to IAM, go to users, Add User, click 'Programmatic access', then Set permissions for the user and finish by creating the user. On the next screen will be the access keys. Choose Create Key Pair. For Key pair name, enter a name for the new key pair, and then choose Create. The name can include up to 255 ASCII characters. It can’t include leading or trailing spaces. The private key file is automatically downloaded by your browser.

4. Need to do some modification to the private key -> to pkcs8 format
   #openssl pkcs8 -topk8 -inform PEM -in sample_private.key -outform PEM -nocrypt
   Copy the output and save it as sample_private_pkcs8.key

5. Get those files
   public key: sample_public.key
   private key: sample_private_pkcs8.key