Using OpenSSL to check and manipulate certs.
Convert PFX to PEM
Extract the key, then the cert, from the PFX. You'll be prompted for password.
openssl pkcs12 -in MY_CERT_AND_KEY.pfx -nocerts -out MY_CERT.key openssl pkcs12 -in MY_CERT_AND_KEY.pfx -clcerts -nokeys -out MY_CERT.crt
Remove Passphrase from a Key
openssl rsa -in MY_CERT.key -out MY_CERT.key
Validate that Cert and Key Match
If the cert and key are a pair they should generate the same hash.
openssl rsa –noout –modulus –in MY_CERT.key | openssl md5 openssl x509 –noout –modulus –in MY_CERT.crt | openssl md5
Check the key. I don't remember what this checked, but it was useful once.
openssl rsa -in MY_CERT.key -check