If you’ve ever been handed a .pfx file and told to “just upload the certificate,” you know the pain that’s coming.

PFX (PKCS#12) files bundle your private key, SSL certificate, and any intermediate certificates into one encrypted file. That’s great until you actually need to extract those pieces for something like an NGINX server, AWS load balancer, or third-party CDN that wants them all separately.

MacOS has OpenSSL built in, which is all you need. Here’s a simple shell script I use to generate the cert, private key, and chain in one shot and make them clipboard-ready for easy pasting.

Save the following as extract-ssl-from-pfx.sh:

Make it executable:

Then run it:

Follow the prompts. You’ll end up with three files and the contents ready to paste one by one wherever you need them.

Your private key is sensitive. Please don’t leave it lying around. Store it securely or delete it after use.

This script saves me time every time I deal with certificates. Hopefully, it does the same for you. If you have improvements or tweaks, I’d love to hear them.