I work in a mixed Linux and Windows environment. Our Certificate Authority is Windows. Unfortunately the Windows CA does not support exporting a certificate in PEM (Privacy Enhanced Mail Certificate) format. Fortunatley there is a relativity easy work around. Which requires one to download OpenSSL utilities. Most Linux applications I have supported require the certificate be in a PEM format to be readable.
In this example I export the certificate with the private key from the Windows CA. Using the openssl utility to extract the private key ( .pem file) from .pfx (Personal Information Exchange).
PFX: Defines a file format commonly used to store private with accompanying public key certificates, protected with a password-based symmetric key (standard-PKCS12).
PEM : Openssl usages PEM (Privacy Enhanced Mail Certificate) to store the private key.
If you have downloaded the openssl utility, then go to command prompt and run the following commands. If not, download it from openssl, you can either download binary or source and then compile.
Execute the following command to extract the private key from the PFX file.
STEP 1. Extract the private key from the PFX file.
openssl pkcs12 -in publicAndprivate.pfx -nocerts -out privateKey.pem
STEP 2. To extract the certificate in PEM format from the publicly signed certificate.
openssl pkcs12 -in publicAndprivate.pfx -clcerts -nokeys -out publicCert.pem
STEP 3. To remove the password from the private key file. Some applications require that the password be removed from the private key or they will fail to start.
openssl rsa -in privateKey.pem -out privateNoPassword.pem
In addition, the certificate files should be secured so that only root has access to them.