For some weird reason, although the steps are simple, i cannot easily find a single page which gives you the exact steps (only 4) to convert a pfx file to a PEM and a KEY file
below are the steps to convert, it will generate an aa_s.key and a aa.pem which you can then use to put into your system e.g apache, hmailserver etc
REM Set the path to include the openssl directory
set path=%path%;C:\OpenSSL\bin;
REM Export the private key
openssl pkcs12 -in aa.pfx -out aa.key -nocerts -nodes
REM take out the encryption from the private key
openssl rsa -in aa.key -out aa_s.key
REM export the ssl cert (normal cases)
openssl pkcs12 -in aa.pfx -out aa.pem -nokeys -clcerts
REM export the ssl cert (Crescendo load balancers)
openssl pkcs12 -in aa.pfx -out aa_tmp_cn.pem -nodes
openssl x509 -in aa_tmp_cn.pem -out aa_cn.pem -text
REM Verification: run the following 2 commands, the output should be exactly the same
openssl x509 -noout -modulus -in aa.pem | openssl md5
openssl x509 -noout -modulus -in aa_cn.pem | openssl md5
openssl rsa -noout -modulus -in aa_s.key | openssl md5
Done!
