OpenSSL generates synthetic PFX files

It converts the "KEY file+CRT file" used by Apache/OpenSSL into a standard PFX file, which can be imported into Microsoft IIS 5/6/7, Microsoft ISA, Microsoft Exchange Server and other software.

openssl pkcs12 -export -out server.pfx -inkey server.key -in server.crt

(server.key is the private key file server.crt file, which contains two sections. Please do not delete any section. The generated server.pfx is used to import IIS)

Openssl exports the private key and public key from PFX

1. Extract the key pair (If the pfx certificate is encrypted, you will be prompted to enter the password.)

openssl pkcs12 -in server.pfx -nocerts -nodes -out 1.key

2. Extract the private key from the key pair (generally required by Apache and nginx configurations)

openssl rsa -in 1.key -out 1_pri.key

3. Extract public key from key pair

openssl rsa -in 1.key -pubout -out 1_pub.key

Openssl exports server certificate from PFX

Server client certificate acquisition: openssl pkcs12 - in server.pfx - lcerts - nokeys - out server.cer

Convert PFX format certificate to JKS format certificate

keytool -importkeystore -srckeystore domains_ssl.pfx -destkeystore domains.jks -srcstoretype PKCS12 -deststoretype JKS

Enter the JKS certificate password and PFX certificate password. It is highly recommended that the JKS password be the same as the PFX certificate password, otherwise Tomcat may fail to start.

Of course, there are many conversion tools on the Internet to facilitate the conversion of certificate formats