Another prospect for this on Linux ... here's how to do it so that as a result one file contains the decrypted private key, so something like HAProxy can use it without asking for a passphrase.
openssl pkcs12 -in file.pfx -out file.pem -nodes
You can then configure HAProxy to use the file.pem file.
This is the EDIT from the previous version, where I had these few steps until I realized that the -nodes option just bypasses private key encryption. But I leave it here, as it may just help with learning.
openssl pkcs12 -in file.pfx -out file.nokey.pem -nokeys openssl pkcs12 -in file.pfx -out file.withkey.pem openssl rsa -in file.withkey.pem -out file.key cat file.nokey.pem file.key > file.combo.pem
- In the first step, a password is suggested to open PFX.
- In the second step, you will be asked to add a plus passphrase for the key.
- In the third step, you are prompted to enter the passphrase that you just created to store the decrypted files.
- The fourth transfers everything together to 1 file.
You can then configure HAProxy to use file.combo.pem.
The reason you need two separate steps when you specify a file with a key and the other without a key is because if you have a file with an encrypted and decrypted key, something like HAProxy still suggests you enter the key phrase when he uses it.
user2415376 May 23 '13 at 21:33 2013-05-23 21:33
source share