27 Feb 2022

How to convert .pfx file to .crt file for Tomcat server?

Servers, Hosting

While doing server deployment tomcat, I found that the tomcat server required .crt and .key files to run the server on HTTPS.

I obtained only the .pfx file from networksolutions registrar. 

Is there any safe way to get the .key or .crt - certificate file without tempering the original certificate file safely? 

Will it work to run a web application on HTTPS port?


Eslam Zedan

28 Feb 2022


28 Feb 2022

Best Answer

best answer

Life becomes easy when OpenSSL is the savior!

It is so easy to get .crt and .key file from your .pfx file using openSSL.

Step 1: Install and unzip OpenSSL. Keep .pfx file with yourself handy.

Step 2: First get your private key from your .pfx file.

openssl pkcs12 -in [yourfilename.pfx] -nocerts -out [keyfilename-encrypted.key]

Please note that, when you are going to enter the password, you can’t see against password, but they are typing in the back. 

Step 3: Get your .crt file from your .pfx file.

openssl pkcs12 -in [yourfilename.pfx] -clcerts -nokeys -out [certificatename.crt]

Step 4: Using private key (step2), get your .key file

openssl rsa -in [keyfilename-encrypted.key] -out [keyfilename-decrypted.key]

Voila! You are done! 

Now you can use your files to run your servers over secure protocols!

Reference: You can read more information and better examples here → Server SSL - extract .pfx .crt and .key file

What do you think about this article? — Is it helpful? — Please comment below.

© 2024 Copyrights reserved for