Converting PFX/P12 Certificates to PEM

If your certificate was provided in PKCS12 format (a .pfx or .p12 file), you need to extract the PEM certificate and private key before configuring SSL. Curator bundles OpenSSL, so you can run these commands directly in PowerShell.

Extract the certificate:

& 'C:\InterWorks\Curator\libs\Apache24\bin\openssl.exe' pkcs12 -in [yourfile.pfx] -clcerts -nokeys -out [cert.pem]

Extract the private key:

& 'C:\InterWorks\Curator\libs\Apache24\bin\openssl.exe' pkcs12 -in [yourfile.pfx] -nocerts -nodes -out [cert.key]

If the .pfx file includes a certificate chain, extract it as well:

& 'C:\InterWorks\Curator\libs\Apache24\bin\openssl.exe' pkcs12 -in [yourfile.pfx] -cacerts -nokeys -chain -out [chain.crt]

Note: If the .pfx / .p12 file is password-protected, OpenSSL will prompt you for the import password when running these commands. The -nodes flag in step 2 produces an unencrypted private key, which is what Curator requires. If you omit -nodes (or are following a legacy workflow), the extracted key will be passphrase-encrypted — see Removing Passphrases to remove it.

Windows SSL Force SSL

⌘I

Get Started

Self-hosted Setup

Authentication

Creating Integrations

Embedding & Using Analytics

Site Content & Design

Users & Groups

Site Administration

Upgrading & Migration

Server Management

Best Practices

Tutorials

Assets