How to Extract SSL Certificates from a PFX File on macOS
If youโve ever been handed a .pfx file and told to โjust upload the certificate,โ you know the pain thatโs coming.
PFX (PKCS#12) files bundle your private key, SSL certificate, and any intermediate certificates into one encrypted file. Thatโs great until you actually need to extract those pieces for something like an NGINX server, AWS load balancer, or third-party CDN that wants them all separately.
MacOS has OpenSSL built in, which is all you need. Hereโs a simple shell script I use to generate the cert, private key, and chain in one shot and make them clipboard-ready for easy pasting.
Save the following as extract-ssl-from-pfx.sh:
Make it executable:
Then run it:
Follow the prompts. Youโll end up with three files and the contents ready to paste one by one wherever you need them.
Your private key is sensitive. Please donโt leave it lying around. Store it securely or delete it after use.
This script saves me time every time I deal with certificates. Hopefully, it does the same for you. If you have improvements or tweaks, Iโd love to hear them.
Self-signed SSL certificates not working with MAMP and Chrome
I use MAMP Pro for most of my PHP development and Chrome has annoyingly been blocking the self-signed SSL certificates MAMP generates, saying the certificate is not valid and "Your connection is not private":
Thankfully, I found an easy solve to fix this. These steps assume you've created a host in MAMP. You'll need to go to the SSL tab of the host you are trying to fix and
Go back to Chrome, and reload the page and the certificate should work now: