When working with AWS Certificate Manager to import certificates into load balancers or CloudFront distributions, you’ll often need to convert from Windows’ native .pfx format to the .pem format that AWS requires.
The .pfx (Personal Information Exchange) format is used by Windows to export SSL certificates along with their private keys, allowing migration between machines. AWS services, however, expect .pem format.
Conversion Command
The conversion can be done in a single OpenSSL command:
openssl pkcs12 -in src-ssl.pfx -out dest-ssl.pem -nodes
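You’ll be prompted to enter the password for the .pfx file. The -nodes option writes the private key to the output file unencrypted, so keep dest-ssl.pem readable only by the accounts that need it. The resulting .pem file will contain three sections: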
- Private Key — the certificate’s private key
- Certificate — the SSL certificate itself
- Certificate Chain — the intermediate and root authority certificates
These sections can be extracted individually if needed, for example when AWS Certificate Manager asks for the certificate body, private key, and certificate chain as separate inputs.
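The individual extraction mentioned above, as an added example that is not part of the original post: a shell function that writes the private key, certificate, and chain from the .pfx into separate files and checks that the key matches the certificate. The function name, the output file names, and reading the password from a `PFX_PASS` environment variable are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page). Assumed names: split_pfx,
# private-key.pem / certificate.pem / chain.pem, and the PFX_PASS variable.
# Usage: PFX_PASS='...' split_pfx src-ssl.pfx ./acm-import
split_pfx() (
    pfx=$1
    outdir=$2
    umask 077                      # key material: owner-only permissions
    mkdir -p "$outdir" || exit 1

    # Private key only. Piping through "openssl pkey" drops the
    # "Bag Attributes" text that pkcs12 prints before the PEM block.
    openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nocerts -nodes |
        openssl pkey -out "$outdir/private-key.pem" || exit 1

    # Certificate body: the certificate that belongs to the private key.
    openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -clcerts -nokeys |
        openssl x509 -out "$outdir/certificate.pem" || exit 1

    # Chain: the remaining (CA) certificates, PEM blocks only.
    # This file is empty when the .pfx carries no chain.
    openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -cacerts -nokeys |
        sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' \
        > "$outdir/chain.pem" || exit 1

    # Sanity check: the key and the certificate must share a public key.
    key_pub=$(openssl pkey -in "$outdir/private-key.pem" -pubout) || exit 1
    crt_pub=$(openssl x509 -in "$outdir/certificate.pem" -noout -pubkey) || exit 1
    if [ "$key_pub" != "$crt_pub" ]; then
        echo "private key does not match certificate" >&2
        exit 1
    fi
)
```

Passing the password through the environment keeps it out of the process argument list; delete private-key.pem once the import has succeeded.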