Private key from exported P12 file

Very useful for POUND proxys and OS X CA’s

As a side note, to export a Private key from OS X keychain you must select BOTH the private key and the certificate it is linked too.  Easiest way to do this is view the keys, then swing down the arrow next to the key you want to show the Certificate.  Select BOTH and then right click and chose Export. This will produce a P12 file with the Certificate and Private key.

You can use following commands to extract public/private key from a PKCS#12 container:

Private key:

openssl pkcs12 -in yourP12File.pfx -nocerts -out privateKey.pem

Certificates:

openssl pkcs12 -in yourP12File.pfx -clcerts -nokeys -out publicCert.pem

To extract the private key in a format openssh can use:

openssl pkcs12 -in pkcs12.pfx -nocerts -nodes | openssl rsa > private.key

To convert the private key to a public key:

openssl rsa -in id_rsa -pubout | ssh-keygen -f /dev/stdin -i -m PKCS8

To extract the public key in a format openssh can use:

openssl pkcs12 -in pkcs12.pfx -clcerts -nokeys | openssl x509 -pubkey -noout | ssh-keygen -f /dev/stdin -i -m PKCS8

To Convert to a PEM including private keys

openssl pkcs12 -in file-to-convert.p12 -out converted-file.pem -nodes