Exporting Certificates from the Windows Certificate Store describes how to export a certificate and private key into a single .pfx file. Follow the procedure below to extract separate certificate and private key files from the .pfx file.
- Start the MMC snap-in certmgr.msc. You will be asked if you want operate on your Personal certificate store, the local machine Personal certificate store, or the store associated with a service account. In most cases you want the local machine store.
- In the left pane, navigate to the node that contains the certificate of interest.
- Right click on the certificate and select All Tasks > Export
- Follow the prompts in the Certificate Export Wizard. Note: you won't be able to export a private key if it wasn't marked as exportable when you originally created the CSR for the certificate.
- Take the file you exported (e.g. filename.pfx) and copy it to a system where you have OpenSSL installed. Note: the *.pfx file is in PKCS#12 format and includes both the certificate and the private key.
- Run the following OpenSSL command to export the private key:
openssl pkcs12 -in certname.pfx -nocerts -out key.pem -nodes
- Run the following OpenSSL command to export the certificate:
openssl pkcs12 -in certname.pfx -nokeys -out cert.pem
- Run the following OpenSSL command to remove the passphrase from the private key:
openssl rsa -in key.pem -out server.key