openssl pkcs12 -in oldcert.pfx -nocerts -out oldkey.key
openssl rsa -in oldkey.key -out decrypted.key
These two commands take an existing PKCS12 file (usually with a .pfx extension), extract the private key, and then save it in decrypted form as a separate key file.
openssl pkcs12: The OpenSSL command for working with PKCS12 files.
-in oldcert.pfx: Specifies the input PKCS12 file, oldcert.pfx.
-nocerts: Specifies that you want to extract the private key (not the certificates).
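-out oldkey.key: Specifies the output file name for the extracted private key, which will be saved as oldkey.key. OpenSSL asks for a PEM pass phrase here, so oldkey.key is still encrypted.
openssl rsa -in oldkey.key -out decrypted.key: Reads the pass-phrase-protected key from the first command and writes it back out without encryption. This form applies to RSA keys.
After running these commands, you'll have a decrypted.key file containing the extracted private key. That file is no longer protected by a pass phrase, so restrict its file permissions and delete it once the new .pfx has been built.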
openssl pkcs12 -export -in newcert.crt -inkey decrypted.key -out newcert.pfx
This command takes a certificate file in the PEM format (usually with a .crt extension), combines it with the previously obtained decrypted private key, and creates a new PKCS12 file (.pfx) containing both.
openssl pkcs12: Again, the OpenSSL command for working with PKCS12 files.
-export: Indicates that you want to create a PKCS12 container.
-in newcert.crt: Specifies the input certificate file, newcert.crt.
-inkey decrypted.key: Specifies the decrypted private key obtained from the previous step.
-out newcert.pfx: Specifies the output file name for the new PKCS12-formatted certificate, which will be saved as newcert.pfx.
After running this command, you'll have a newcert.pfx file that combines the certificate and private key, suitable for various applications that require this format, such as configuring SSL for web servers.
These commands are often used when you need to transition between different formats of certificates and private keys for various security-related tasks, such as updating certificates for a web server, exporting certificates for use in other applications, or migrating to a different system.
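The two steps above as one non-interactive script, with a check that newcert.crt was actually issued for the extracted key before the new .pfx is built. This is an added example, not part of the original page; the function names and the OLD_PFX_PASS / NEW_PFX_PASS environment variables are hypothetical, and an RSA key is assumed.

```shell
#!/bin/sh
# Added example. Assumptions: RSA key; PFX passwords are exported in the
# hypothetical environment variables OLD_PFX_PASS and NEW_PFX_PASS.

# Return 0 when the certificate's public key equals the key's public half.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Usage: rebuild_pfx oldcert.pfx newcert.crt newcert.pfx
rebuild_pfx() {
    old_pfx=$1 new_crt=$2 out_pfx=$3
    work=$(mktemp -d) || return 2
    (
        umask 077    # key files readable by the owner only
        # Step 1 from the page: extract the key, then strip its pass phrase.
        openssl pkcs12 -in "$old_pfx" -nocerts -out "$work/oldkey.key" \
            -passin env:OLD_PFX_PASS -passout env:OLD_PFX_PASS &&
        openssl rsa -in "$work/oldkey.key" -out "$work/decrypted.key" \
            -passin env:OLD_PFX_PASS &&
        # Refuse to package a certificate that belongs to a different key.
        cert_matches_key "$new_crt" "$work/decrypted.key" &&
        # Step 2 from the page: build the new PKCS12 container.
        openssl pkcs12 -export -in "$new_crt" -inkey "$work/decrypted.key" \
            -out "$out_pfx" -passout env:NEW_PFX_PASS
    )
    status=$?
    rm -rf "$work"   # do not leave the plaintext key on disk
    return "$status"
}
```

A non-zero return with no output file means the certificate and key did not match or one of the OpenSSL steps failed.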