Visit Nexus to get an overview of Nexus' solutions, read customer cases, access the latest news, and more.


This article describes how to extract the certificate and private key from a pkcs12 container for use in Smart ID Digital Access component.

In this description, the container is named certificate.pfx and is of the type pkcs12.

  1. Enter each of the below steps in a terminal/command prompt with openssl on the path:

    Example: Enter these commands
    openssl pkcs12 -in certificate.pfx -out certificate.pem -clcerts -nokeys
    openssl pkcs12 -in certificate.pfx -out key.pem -nocerts -nodes
    openssl pkcs8 -topk8 -inform PEM -outform PEM  -in key.pem -out key.pkcs8 -v1 PBE-MD5-DES

    In the last step it is important to use a password for the target key, as it must be encrypted.

  2. When the steps are finished, upload the files certificate.pem and key.pkcs8 in the administration service and select the check boxes for each CA certificate in the chain.
  • No labels