Extract certificate chain from keystore

This solution describes how to extract the certificate chain from a keystore (p12 or pfx), using different tools (OpenSSL, Keystore Explorer, Windows Cert Manager mmc).

OpenSSL

Run this OpenSSL command:

openssl pkcs12 -in INFILE.p12 -out OUTFILE.crt -nokeys

Change the name of the p12-file to match your environment.

After you run the command, enter the keystore password (when prompted for it).

Keystore Explorer

Launch Keystore Explorer
Open an existing KeyStore
Point to your p12/pfx file
Enter the password
Right click the first entry in the list and select Export->Export Certificate Chain
Save to a file

Windows

Doubleclick the p12/pfx file in Window
Import to Computer Account->Local Computer
Open mmc.exe
Select File->Add/remove snap-in
Select Certificates
Select Computer account
Select Local Computer
Find the newly imported certificates (under Personal)
Right click and select Export
Do not export the private key
Select format = Base64 encoded (X509)
Save to a file

PreviousSetup Prometheus and Grafana NextInstall with Ansible

Last updated 11 months ago