Extract certificate chain from keystore

This solution describes how to extract the certificate chain from a keystore (p12 or pfx), using different tools (OpenSSL, Keystore Explorer, Windows Cert Manager mmc).

OpenSSL

Run this OpenSSL command:

openssl pkcs12 -in INFILE.p12 -out OUTFILE.crt -nokeys

Change the name of the p12-file to match your environment.

After you run the command, enter the keystore password (when prompted for it).

Keystore Explorer

• Launch Keystore Explorer

• Open an existing KeyStore

• Point to your p12/pfx file

• Enter the password

• Right click the first entry in the list and select Export->Export Certificate Chain

• Save to a file

Windows

• Doubleclick the p12/pfx file in Window

• Import to Computer Account->Local Computer

• Open mmc.exe

• Select File->Add/remove snap-in

• Select Certificates

• Select Computer account

• Select Local Computer

• Find the newly imported certificates (under Personal)

• Right click and select Export

• Do not export the private key

• Select format = Base64 encoded (X509)

• Save to a file