The exported PKCS #12 file must be converted into separate root certificate, user certificate, and private key files.
To convert the exported PKCS #12 file you need the OpenSSL utility, openssl.exe. If the utility is not already available run DemoCAAddPack_80.msi [1] to install the Micro Focus Demo CA utility, which includes the OpenSSL utility. Ensure that you have added the OpenSSL utility to your system PATH environment variable. If you want to install DemoCA, see Installing Micro Focus Demo CA for more information. If you install OpenSSL as part of DemoCA, then the typical installation directory is C:\Program Files (x86)\Micro Focus\DemoCA.
openssl base64 -d -a -in <PKCS#12file> -out <PKCS#12file.bin>
openssl pkcs12 -in <PKCS#12file.bin> -noout
Enter Import Password:
Type the pass phrase of the certificate. This should have been provided by your system programmer. If the certificate is validated the following message is displayed:
MAC verified OK
openssl pkcs12 -in <PKCS#12file.bin> -out <PKCS#12file.pem>
Enter Import Password:
Type the pass phrase of the certificate used in the earlier steps.
Enter PEM pass phrase:
The first block is the root certificate, copy the text between and including the begin and end markers:
-----BEGIN CERTIFICATE----- MIICIzCCAYygAwIBAgIBADANBgkqhkiG9w0BAQUFADAUMRIwEAYDVQQDEwl6MTE0 IFJBQ0YwHhcNMTUwNDMwMDQwMDAwWhcNMjAwNTAxMDM1OTU5WjAUMRIwEAYDVQQD Ewl6MTE0IFJBQ0YwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM1/erilx5sW rLh33cEg2rcG5ParEOl3gGc0DmNNFzzldAFje8hMyTfrONUtOaP071o9MrTNXqYl s1XxMi5FTWRdpyaCpVoz/SijfDcZn5yhHS4MnjHJMSIGGmdL6GWRI8b6XOQAb/NT 49rGUyZ7AEesOcFzP5QJPHUHY7uq35ONAgMBAAGjgYQwgYEwPwYJYIZIAYb4QgEN BDIWMEdlbmVyYXRlZCBieSB0aGUgU2VjdXJpdHkgU2VydmVyIGZvciB6L09TIChS QUNGKTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR7TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU iR3ggglnf2gzjIINBnXt0pLsqC0wDQYJKoZIhvcNAQEFBQADgYEAmIxFhG//qowm etlJFYgmlSljwJ8ADUHK7vokLTTloSdcqPkkfLwRMINu0EFqrQAwy3JhSB3CqWWI j6Dzi4vco87LQ3K7xZz6YswhE+6/JowDIijR7eEXBdNYgn/9RzWyz9/gLrSL/wBO 9pubetQcKseLbJ5Be/q3Frm7GnLjoYs= -----END CERTIFICATE-----
Paste the copied text into a file and save the file with a name that clearly identifies it; for example, servername-root-cert.pem.
The second block is the user certificate. Copy the text between and including the second begin and end markers.
Paste the copied text into a file and save the file with a name that clearly identifies it; for example, servername-user-cert.pem.
The third block is the private key. Copy the text between and including the third begin and end markers.
Paste the copied text into a file and save the file with a name that clearly identifies it; for example, servername-user-key.pem.
openssl pkcs8 -topk8 -nocrypt -in <servername-user-key.pem> -out <servername-user-key.der> -outform der
Enter pass phrase for servername-user-key.pem:
You can use a new pass phrase, or you could reuse the original pass phrase supplied with the PKCS #12 file.