For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1). openssl pkcs12 -export -in file.pem -out file.p12 -name "My Certificate" \ -certfile othercerts.pem BUGS Some would argue that the PKCS#12 standard is one big bug :-) Versions of OpenSSL before 0.9.6a had a bug in the PKCS#12 key generation routines. The resulting pfx file can be used with the new password. Clone via HTTPS Clone with Git or checkout with SVN using the repository’s web address. $ openssl pkcs12 -export -out cert.pfx -inkey cert.key.pem -in cert.pem Enter Export Password: Verifying - Enter Export Password: For both of those password lines with the OpenSSL command, I just pressed enter. Convert the passwordless pem to a new pfx file with password: To remove the passphrase from an existing OpenSSL key file. More dangerously, you could replace the -noout with -nodes in which case the command will output the contents, including any private keys, without prompting you to … openssl Documention-passout arg pass phrase source to encrypt any outputted private keys with. Solution. Convert cert.pem and private key key.pem into a single cert.p12 file, key in the key-store-password manually for the .p12 file. With following procedure you can change your password on an .p12/.pfx certificate using openssl. aestu To remove the private key password follows this procedure: Copy the private key one directory and Run this command using OpenSSL: # openssl rsa -in [test-private.key] -out [test-wo_password-private.key] Enter the passphrase and [test-private.key] is now the unprotected private key. If you exported it from Internet Explorer having "Secure protection" enabled, openssl functions performance falls a lot. Export you current certificate to a passwordless pem type: openssl pkcs12 -in mycert.pfx/mycert.p12 -out tmpmycert.pem -nodes Enter Import Password: MAC verified OK. Background. The PKCS#12 or PFX format is a binary format for storing the server certificate, any intermediate certificates, and the private key into a single encryptable file. openssl pkcs12 -in cert.pfx -nocerts -out privateKey.pem -nodes it then prompts me for a password. Under rare circumstances this could produce a PKCS#12 file encrypted with an invalid key. I don't know whether it is the case with "Elcomsoft distributed password recovery" or not. The certificate doesn't have a password, so I just press enter. openssl pkcs12 -info -in front.p12 -noout OpenSSL will now only prompt you once for the PKCS12 unlock pass phrase. openssl pkcs12 -export -out C:\Temp\SelfSigned2.pfx -in C:\Temp\SelfSigned2.pem Now, you’ll be asked for the new password. The problem could be the PKCS#12 sample file you are using. How did you get it? For the SSL certificate, Java doesn’t understand PEM format, and it supports JKS or PKCS#12.This article shows you how to use OpenSSL to convert the existing pem file and its private key into a single PKCS#12 or .p12 file.. PFX files are usually found with the extensions .pfx and .p12. PFX files are typically used on Windows and macOS machines to import and export certificates and private keys. In order to establish an SSL connection it is usually necessary for the server (and perhaps also the client) to authenticate itself to the other party.