Converting a pfx certificate to the pem format

When installing simpleSAMLphp you will need a certificate in the pem format for signing and encryption. Most often, however, certificates are supplied in pfx format, or they need to be exported from a Windows environment.

Exporting the certificate

When exporting a certificate from an existing Windows web server:

  1. Select "Yes, export the private key", "Include all certificates in the certification path if possible", "Enable Strong Protection"
  2. Select a password for the export file
  3. Select a name for the export file, "something.pfx", and save.
  4. Now you can copy the file to the unix-server where you need the certificate.

Converting the pfx file

To convert the certificate from pfx to pem format, use the following OpenSSL command:

openssl pkcs12 -in <something>.pfx -out <something>.pem -nodes

If the certificate is protected by a password, you will be prompted for the password. Enter your password and the export is done.



The pkcs12 command allows PKCS#12 files (sometimes referred to as PFX files) to be created and parsed.

''-in filename''

This specifies filename of the PKCS#12 file to be parsed. Standard input is used by default.

''-out filename''

The filename to write certificates and private keys to, standard output by default. They are all written in PEM format.


''-nodes''

Do not encrypt the private keys at all. The resulting pem file therefore contains the private key in clear text.
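Because the conversion writes the private key unencrypted, the pem file should be readable only by its owner and checked before it is put to use. The following shell script is an added example, not part of the original page or of simpleSAMLphp: it runs the same command under a restrictive umask and verifies that the key and certificate in the output belong together. The function names, the password file and the throwaway sample pfx are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example. Sample key, certificate and password are constructed throwaways.

# make_sample_pfx DIR: build DIR/sample.pfx and DIR/pass.txt to stand in for
# the file exported from Windows.
make_sample_pfx() {
    printf '%s\n' 'constructed-sample-password' > "$1/pass.txt"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=sample.invalid' \
        -keyout "$1/k.pem" -out "$1/c.pem" 2>/dev/null || return 1
    openssl pkcs12 -export -inkey "$1/k.pem" -in "$1/c.pem" \
        -out "$1/sample.pfx" -passout "file:$1/pass.txt" || return 1
    rm -f "$1/k.pem" "$1/c.pem"
}

# pfx_to_pem PFX PEM PASSFILE: the page's command, run under umask 077 so the
# output is created mode 0600 (-nodes writes the private key unencrypted).
# The password is read from a file so it does not show up in the process list.
pfx_to_pem() {
    rm -f "$2"    # umask only applies to newly created files
    ( umask 077 && openssl pkcs12 -in "$1" -out "$2" -nodes -passin "file:$3" )
}

# pem_key_matches_cert PEM: succeed when the private key and the first
# certificate in PEM carry the same public key.
pem_key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# pem_mode PEM: print the permission string, e.g. -rw-------
pem_mode() { ls -l "$1" | cut -c1-10; }

# convert_and_check PFX PEM PASSFILE: convert, then refuse a bad result.
convert_and_check() {
    pfx_to_pem "$1" "$2" "$3" || { echo "conversion failed" >&2; return 1; }
    pem_key_matches_cert "$2" || { echo "key/cert mismatch" >&2; return 1; }
    [ "$(pem_mode "$2")" = "-rw-------" ] || { echo "bad mode" >&2; return 1; }
}

demo() {
    d=$(mktemp -d) || return 1
    make_sample_pfx "$d" && convert_and_check "$d/sample.pfx" "$d/sample.pem" "$d/pass.txt"
    rc=$?
    [ $rc -eq 0 ] && echo "sample.pem: key matches certificate, mode $(pem_mode "$d/sample.pem")"
    rm -rf "$d"
    return $rc
}
demo
```

For a real export, call `convert_and_check` with the copied pfx file, the desired pem path and a file holding the export password, then delete the password file.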

For more help using OpenSSL, visit the OpenSSL homepage at [http://www.openssl.org].

