PFX to PEM Extractor
Ek password-protected .pfx/.p12 file aapke browser mein open karein aur use certificate, chain aur private-key PEM blocks mein split karein. File aur uska password aapke device par hi rehte hain.
.pfx file aur uska password poori tarah aapke browser mein decode hote hain aur kabhi upload nahi hote — ArrayKit par kuch nahi bheja jaata. Extract ki hui private key ko secret maanein aur use kisi safe jagah store karein.
SSH keys convert kar rahe hain? PPK to PEM Converter try karein.
PFX to PEM Extractor ke baare mein
Yeh PFX to PEM extractor ek password-protected .pfx ya .p12 (PKCS#12) file open karta hai aur use alag PEM blocks mein split karta hai jo zyadatar web servers aur tools expect karte hain: leaf certificate, koi bhi CA/chain certificates, aur private key. Archive ko drop karein ya file dialog se pick karein, uska password type karein, aur tool use seedhe page mein decode kar deta hai. Har PEM block apne panel mein aata hai jise aap certificate.pem, private-key.pem aur chain.pem ke roop mein copy ya download kar sakte hain. Ise Windows ya IIS certificate bundle ko nginx, Apache, HAProxy ya kisi bhi aise tool mein le jaane ke liye use karein jo single PKCS#12 blob ke bajaye PEM files chahta hai. Galat password ek clear error deta hai, broken file nahi. .pfx file aur uska password aapke browser mein hi rehte hain aur kabhi upload nahi hote.
Features
- Password-protected .pfx aur .p12 (PKCS#12) archives open karta hai
- Bundle ko alag certificate, CA chain aur private-key PEM blocks mein split karta hai
- Shrouded (pkcs8ShroudedKeyBag) aur plain private-key bags dono handle karta hai
- Pehla certificate leaf treat hota hai; baaki CA chain ban jaate hain
- Har PEM block copy karein ya certificate.pem, private-key.pem ya chain.pem ke roop mein download karein
- Galat password par clear "incorrect password or not a valid PKCS#12 file" error
- Files ko drag-and-drop ya file picker se accept karta hai
- Poori tarah aapke browser mein chalta hai — file aur password kabhi aapke device se bahar nahi jaate
PFX to PEM Extractor kaise use karein
- Apni .pfx ya .p12 file box par drop karein, ya choose karne ke liye click karein.
- Woh password type karein jo PKCS#12 archive ko protect karta hai.
- File ko browser mein decode karne ke liye Extract PEM click karein.
- Har PEM block copy karein, ya certificate.pem, private-key.pem aur chain.pem download karein.
Example
Input
server.pfx (PKCS#12, password: ••••••)
Output
certificate.pem
-----BEGIN CERTIFICATE-----
MIID… (leaf certificate)
-----END CERTIFICATE-----
private-key.pem
-----BEGIN RSA PRIVATE KEY-----
MIIE… (private key)
-----END RSA PRIVATE KEY-----
chain.pem
-----BEGIN CERTIFICATE-----
MIID… (intermediate CA)
-----END CERTIFICATE-----
Ek single .pfx bundle leaf certificate, private key aur CA chain PEM files mein split hua.
Common errors aur troubleshooting
- Aapko "Incorrect password or not a valid PKCS#12 file" dikhta hai. — .pfx banate waqt use kiya exact password dobara type karein (yeh case-sensitive hai), aur confirm karein ki file sach mein ek PKCS#12 archive hai jiska .pfx ya .p12 extension ho, koi plain .cer ya .pem nahi.
- Private-key panel empty hai par certificate dikhta hai. — .pfx apni private key ke bina export hui thi (certificate-only export). Source se dobara export karein, private key include karne ka option choose karke, phir try karein.
- CA chain block missing hai. — Har .pfx intermediate certificates bundle nahi karti. Agar aapke server ko full chain chahiye, .pfx ko "include all certificates in the path" enable karke export karein, ya intermediates apni CA se download karein.
- nginx ya Apache private-key.pem ko reject karta hai. — Kuch tools ek specific PEM header chahte hain. Agar aapko RSA PRIVATE KEY mila par PKCS#8 BEGIN PRIVATE KEY (ya vice versa) chahiye, use openssl pkey se convert karein, phir apne server ko converted file par point karein.
Aksar pooche jaane wale sawaal
- PFX / P12 file kya hoti hai?
- Ek .pfx ya .p12 file ek PKCS#12 archive hai: ek single password-protected bundle jo certificate, uske CA/chain certificates, aur matching private key ko ek saath pack karta hai. Windows, IIS aur kai code-signing tools is format mein export karte hain, jabki nginx, Apache aur zyadatar Linux tools tukdon ko alag PEM files ke roop mein chahte hain.
- Main PFX ko PEM mein kaise convert karun?
- .pfx ko is tool par drop karein, uska password enter karein, aur Extract PEM click karein. Yeh archive ko leaf certificate, CA chain aur private key mein split karta hai, har ek apne copyable panel mein certificate.pem, private-key.pem aur chain.pem ke download button ke saath.
- Kya meri private key server par upload hoti hai?
- Nahi. .pfx file aur uska password poori tarah aapke browser mein, aapke device par read aur decode hote hain. File ya uske contents ke baare mein kuch bhi ArrayKit par ya kahin aur nahi bheja jaata.
- Mujhe password ki zaroorat kyun hai?
- Ek PKCS#12 archive encrypted hota hai, aur andar ki private key us password se protected hoti hai jo file banate waqt set hua tha. Sahi password ke bina archive decrypt nahi ho sakta, isliye certificate aur key extract nahi ho sakte.
- Certificate, chain aur private key mein kya difference hai?
- Leaf certificate aapke domain ya identity ko identify karta hai, CA chain woh intermediate certificates hain jo use trusted root se jodte hain, aur private key keypair ka secret half hai. Web servers aksar leaf aur key chahte hain, aur aksar chain bhi.
- Kya yeh .pfx aur .p12 dono extensions support karta hai?
- Haan. Dono same PKCS#12 format hain — .pfx Windows par common hai aur .p12 kahin aur. Extractor koi bhi extension aur koi bhi valid PKCS#12 archive padhta hai, chahe uska naam kuch bhi ho.
Related tools
- PPK ↔ PEM Converter — SSH private keys ko PuTTY .ppk aur OpenSSH/PEM (RSA & Ed25519) ke beech aapke browser mein locally convert karein.
- SSH Key Generator — Ed25519, RSA ya ECDSA SSH key pairs aapke browser mein generate karein aur download karein.
- Certificate & Private Key Matcher — Check karein ki koi SSL certificate aur private key ek saath belong karte hain ya nahi, seedhe aapke browser mein.
- JWT Decoder — Ek JWT ka header aur payload decode karein aur exp/iat inspect karein (bina verification ke).
- Hash Generator — Web Crypto API ke through SHA-256 / SHA-1 / SHA-384 / SHA-512.
Saare ArrayKit tools