
4.3.2.2. Converting PFX files to wt PEM format

 
 
You'll need to use a tool like OpenSSL to extract the private key and server certificate from the PFX file. OpenSSL is a widely used and powerful open-source cryptographic library.
 
Open a command prompt or terminal and use the following OpenSSL command to extract the private key:
 
openssl pkcs12 -in yourfile.pfx -nocerts -out privatekey.pem
 
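You will be prompted to enter the import password for the PFX file. This password is used to protect the private key inside the PFX file. OpenSSL then asks for a PEM pass phrase, which it uses to encrypt the private key written to privatekey.pem. Restrict read access to privatekey.pem to the account that runs the server.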
 
Now, extract the server certificate from the PFX file using the following command:
 
openssl pkcs12 -in yourfile.pfx -clcerts -nokeys -out servercert.pem
 
Extract the Intermediate Certificates (if any):
 
If the PFX file contains intermediate certificates (sometimes called chain certificates or CA certificates), you'll need to extract them as well. Intermediate certificates are the certificates that bridge the gap between the server certificate and the root certificate authority.
 
openssl pkcs12 -in yourfile.pfx -cacerts -nokeys -out intermediatecerts.pem
 
Combine the Server Certificate and Intermediate Certificates:
 
Concatenate the server certificate and the intermediate certificates (however many there are) into a single file, server certificate first, using a text editor or the cat command (on Unix-like systems):
 
cat servercert.pem intermediatecerts.pem > serverchain.pem
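
The four steps above as a non-interactive script, with a check that the extracted key actually belongs to the extracted certificate. This is an added example, not part of the original procedure; the function names, the PFX_PASS and KEY_PASS environment variables, and the throwaway demo CA are assumptions made for illustration.

```shell
# Added example. PFX_PASS / KEY_PASS are assumed, exported environment variables,
# so passwords never appear on the command line or in the process list.

# pfx_to_pem <pfx> <outdir>: the extraction steps from this page, without prompts
pfx_to_pem() {
  local pfx=$1 out=$2
  ( umask 077   # the key file must not be group/world readable
    openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nocerts \
      -passout env:KEY_PASS -out "$out/privatekey.pem" ) || return 1
  openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -clcerts -nokeys \
    -out "$out/servercert.pem" || return 1
  openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -cacerts -nokeys \
    -out "$out/intermediatecerts.pem" || return 1
  cat "$out/servercert.pem" "$out/intermediatecerts.pem" > "$out/serverchain.pem"
}

# key_matches_cert <key> <cert>: succeeds only if both carry the same public key
key_matches_cert() {
  local kpub cpub
  kpub=$(openssl pkey -in "$1" -passin env:KEY_PASS -pubout 2>/dev/null) || return 1
  cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# make_demo_pfx <dir>: constructed test input (throwaway CA + server cert), not real data
make_demo_pfx() {
  local d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/ca.key" -out "$d/ca.pem" \
    -subj "/CN=Constructed Demo CA" -days 1 2>/dev/null || return 1
  openssl req -newkey rsa:2048 -nodes -keyout "$d/leaf.key" -out "$d/leaf.csr" \
    -subj "/CN=demo.example" 2>/dev/null || return 1
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -out "$d/leaf.pem" -days 1 2>/dev/null || return 1
  openssl pkcs12 -export -inkey "$d/leaf.key" -in "$d/leaf.pem" -certfile "$d/ca.pem" \
    -passout env:PFX_PASS -out "$d/yourfile.pfx"
}
```

Run key_matches_cert on privatekey.pem and servercert.pem before deploying them; a mismatch means the PFX held more than one key pair or the wrong file was picked up.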
 
To generate a temporary Diffie-Hellman (DH) parameter file:
 
Use the OpenSSL command-line tool. DH parameters are used in some SSL/TLS configurations to enable ephemeral Diffie-Hellman key exchange, which gives the handshake forward secrecy: a later compromise of the server's private key does not expose previously recorded sessions.
 
openssl dhparam -out dhparam.pem 2048