# De-compiling .pfx file In the previous note we have taken insights how can we make a .pfx format file for our SSL work , Many vendors & certificate issuers provide the pfx format as their ssl for the purchased domain. So now we will take insights how to de-compile the pfx file & the the following files from it : * CA Certificate (Root CA) * Private Key (.key) * CA-Chain (.bundle) *** {% hint style="info" %} Reference Website : {% endhint %} Here we have obtained the pfx file from the domain provider and now we will extract the necessary files above mentioned using openssl

Now we will extract the files one by one , Extracting the private key first from the pfx file ``` ~ Extracting the private key from the pfx file : # openssl pkcs12 -in wildcard_ghoulsec.pfx -nocerts -out private.key -nodes ``` We have extracted the private key now we will extract the ca certificate also known as the root ca certificate ``` ~ Extracting the ca certificate from the pfx file : # openssl pkcs12 -in wildcard_ghoulsec.pfx -clcerts -nokeys -out ca.crt ``` We have extracted the certificate of the domain and now we will extract the CA-chain file in which we can get the root ca file bundled which can later be used to sign the certificates. ``` ~ Extracting the ca-chain certificate bundle from the pfx file : # openssl pkcs12 -in wildcard_ghoulsec.pfx -cacerts -nokeys -out ca-chain.bundle ``` Now we have generated all the necessary files now we will verify that all the files extracted are integral to the main pfx package file.

Check the modulus of the private key: ``` ~ Compare the output of the following commands : # openssl rsa -in private.key -noout -modulus # openssl x509 -in ca.crt -noout -modulus ``` Check the output of the following command : ``` # openssl verify -CAfile ca-chain.bundle ca.crt The output of the following command look like : ```

***