First this process doesn’t hack/crack the PFX you will need the password still.
Scenario you have to update your SSL certificate but all you saved was your PFX file and know the password for it.
openssl pkcs12 -in certname.pfx -nocerts -out key.pem -nodes
You get prompted for the Import Password and if you have typed the correct one you will see “MAC verified OK”
openssl pkcs12 -in certname.pfx -nokeys -out cert.pem
You get prompted for the Import Password and if you have typed the correct one you will see “MAC verified OK”
openssl rsa -in key.pem -out server.key
You get prompted for the Import Password and if you have typed the correct one you will see “MAC verified OK”
Now if you have purchased a certificate from GoDaddy.com or another service that provided a .crt and .p7b file you can do this process to create a new PFX file.
openssl pkcs7 -print_certs -in gd-p7bcert.p7b -out gd-p7bcert.crt
openssl pkcs12 -export -out certificate_`date +%Y_%m_%d_%H.%M.%S`.pfx -inkey key.pem -in gd-crt.crt -certfile gd-p7bcert.crt
You should get prompted for the export password and to verify it then you will have a time & dated pfx file.
Last Updated on March 9, 2017