Convert P12 to P8 certificate

Do you of some reason need to convert a P12 certificate to a P8 certificate?

This is how you can do that.

Step 1.

openssl pkcs12 -in certificate.p12 -out certificate.pem -clcerts -nokeys

Step 2

openssl pkcs12 -in certificate.p12 -out key.pem -nocerts -nodes

Step 3

openssl pkcs8 -topk8 -inform PEM -outform PEM  -in in.key -out out.pkcs8 -v1 PBE-MD5-DES

Convert to PFX with OpenSSL

Are you in need of PFX file, or as some people will say a P12 (pkcs12).
What do you need to do to perform this convert?
First off you need Openssl. Then you need crt file and the key file.

After that is just run this command below to convert to PFX with OpenSSL

openssl pkcs12 -export -out application-company-domain.pfx -inkey application-company-domain.key -in application-company-domain.crt

If you are not sure about the password to the key file, to test the key is valid with a password you have, try this command.

openssl rsa -in application-company-domain.key

There you have some other post about OpenSSL

Create pfx file openssl

Start cmd as admin
Then navigate and start OpenSSL

After started OpenSSL have key and CRT file in the same folder

Run this command:
pkcs12 -export -out -inkey -in

Openssl Create a cnf file

Don’t forget to check out how if you not sure
how to get started or create CSR file.

How to create a CNF file

——————Copy under this line to a cnf file——————


req_extensions = v3_req
distinguished_name = req_distinguished_name


countryName = EN
stateOrProvinceName = CITY
localityName = CITY-AREA
organizationalUnitName = Company name
commonName =

[ v3_req ]

# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names


DNS.1 =
DNS.2 =

——————Copy above this line to a cnf file——————

Save the information in to cnf file place it same place ass openssl file
In this exemple its named:something-domain-com.cnf

Command to run in opensll
req -new -newkey rsa:2048 -nodes -keyout something-domain-com.key -out something-domain-com.csr -config something-domain-com.cnf

Check your CRS file looks good at CSR Decoder

OPENSSL create csr file

Download OpenSSL

Click on C:\openssl\bin\openssl.exe (if you run it in Windows)
(you might want you to copy openssl.cnf from c:\openssl\bin to c:\openssl)

run this command: req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr

example: req –new newkey rsa:2048 –nodes –keyout star-something-domain-com.key –out star-something-domain-com.csr

Note you can do this over if something goes wrong, it’s just a local file so far

. = blank

Next step for example Godaddy wants the CSR code so

Open CSR file with notepad och copy it and paste it on the homepage
Don’t forget to read about how to create CNF file to make it easier to create CRS files.

Check your CRS file looks good at CSR Decoder