Extract certificate and private key from a pkcs12 container in Digital Access
This article describes how to extract the certificate and private key from a PKCS#12 container for use in the Smart ID Digital Access component.
Prerequisites
OpenSSL must be installed on your machine. You can read more here: https://www.openssl.org/source/
You must have access to the .pfx file and the import password for the certificate.
Extract root CA certificate
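openssl pkcs12 -in certificate.p12 -out root.crt -nokeys -cacerts
This command extracts the CA certificates from the container and saves them to the root.crt file. The -cacerts option writes every CA certificate in the container, so if the chain includes intermediates, keep only the self-signed root certificate in this file.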
Extract intermediate CA certificate
openssl pkcs12 -in certificate.p12 -out intermediate.crt -nokeys -cacerts
This command extracts the CA certificates and saves them to the intermediate.crt file. Keep only the intermediate certificate (the CA certificate that is not self-signed) in this file.
Extract public certificate
openssl pkcs12 -in certificate.p12 -out certificate.pem -clcerts -nokeys
This command extracts the public certificate and saves it to the certificate.pem file.
Extract manually in Windows
You can also extract the root CA certificate and the intermediate CA certificate from the certificate chain in a PFX file manually in Windows, without using the commands above. Do the following:
Extract the certificates from the PFX file.
View the contents of the certificates to identify the root certificate and the intermediate certificates.
Export the root and intermediate certificates to separate files.
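The same identification of root and intermediate certificates can be scripted with OpenSSL. The following is an added example, not part of the original article or of Digital Access; the function names, file names, certificate subjects and the password "example" are constructed for illustration, and "subject equals issuer" is used as the test for a root certificate.

```shell
#!/bin/sh
# Added example: split the -cacerts output of a PKCS#12 file into single
# certificates and label each one as root or intermediate.

# Build a constructed three-level chain and pack it into $1/sample.p12
# (password "example"). All names are test values, not real certificates.
make_sample_p12() {
    ( cd "$1" || exit 1
      printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
      openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
          -subj '/CN=Example Root' -keyout root.key -out root.pem
      openssl req -newkey rsa:2048 -nodes \
          -subj '/CN=Example Intermediate' -keyout int.key -out int.csr
      openssl x509 -req -in int.csr -CA root.pem -CAkey root.key \
          -CAcreateserial -extfile ca.ext -days 1 -out int.pem
      openssl req -newkey rsa:2048 -nodes \
          -subj '/CN=server.example.test' -keyout leaf.key -out leaf.csr
      openssl x509 -req -in leaf.csr -CA int.pem -CAkey int.key \
          -CAcreateserial -days 1 -out leaf.pem
      cat int.pem root.pem > chain.pem
      openssl pkcs12 -export -inkey leaf.key -in leaf.pem \
          -certfile chain.pem -passout pass:example -out sample.p12
    ) >/dev/null 2>&1
}

# classify_ca_certs <p12-file> <import-password> <output-dir>
# Writes each CA certificate to <output-dir>/ca-N.pem and prints one line
# per certificate: "<role> <file> <subject>".
classify_ca_certs() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -cacerts 2>/dev/null |
    awk -v d="$3" '/-----BEGIN CERTIFICATE-----/ { n++; f = d "/ca-" n ".pem" }
                   f { print > f }
                   /-----END CERTIFICATE-----/ { close(f); f = "" }'
    for f in "$3"/ca-*.pem; do
        [ -e "$f" ] || continue
        subj=$(openssl x509 -in "$f" -noout -subject -nameopt RFC2253 |
               sed 's/^subject= *//')
        issr=$(openssl x509 -in "$f" -noout -issuer -nameopt RFC2253 |
               sed 's/^issuer= *//')
        # A certificate whose subject equals its issuer is self-issued: the root.
        if [ "$subj" = "$issr" ]; then role=root; else role=intermediate; fi
        echo "$role $f $subj"
    done
}

# Demonstration on the constructed container.
demo=$(mktemp -d)
make_sample_p12 "$demo" && classify_ca_certs "$demo/sample.p12" example "$demo"
```

For a real container, call classify_ca_certs with your own .pfx file and import password, then copy the files reported as root and intermediate to root.crt and intermediate.crt.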
Extract Private Key
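The following commands extract the private key and save it in PEM format. The encrypted variant converts a PEM key file (in.key) into a password-protected PKCS#8 file (out.pkcs8); the unencrypted variant reads the key directly from the PFX file and writes it to key.pem without a passphrase.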
Encrypted
openssl pkcs8 -topk8 -inform PEM -outform PEM -in in.key -out out.pkcs8 -v1 PBE-MD5-DES
Provide the password when prompted, because the key is encrypted. The -v1 PBE-MD5-DES option selects a legacy PKCS#5 v1.5 scheme based on MD5 and single DES.
Unencrypted
openssl pkcs12 -in certificate.p12 -out key.pem -nocerts -nodes
Configuration in Digital Access
Once you have the private key and certificate files, configure them in Digital Access by following the steps in Add certificates in Digital Access.