Loading PFX Inspector...
Open a password-protected .pfx / .p12 file to view its certificate chain and extract the private key and certificates as PEM. Runs entirely in your browser.
Choose a .pfx / .p12 file
.pfx/.p12 bundles a private key plus its certificate chain, encrypted with one password.openssl pkcs12 -nodes, useful for nginx, Apache, and other servers that want separate key/cert files.Open a password-protected .pfx / .p12 file to view its certificate chain and extract the private key and certificates as PEM. Runs entirely in your browser.
A PKCS#12 file (.pfx or .p12) bundles a private key together with its certificate chain, all encrypted under a single password. It is the format Windows, IIS, and many CAs use to move a key and certificate around as one file. This tool opens that bundle in your browser: enter the password and it shows each certificate's subject, issuer, validity, serial, and fingerprints, and lets you export the private key and certificates as PEM - the same result as openssl pkcs12, with nothing uploaded.
Input:
server.pfx + its export password
Output:
Subject CN=example.com, valid cert + private-key.pem
What can I do with the extracted PEM files?
Use them where servers want separate files, for example nginx (ssl_certificate / ssl_certificate_key) or Apache. It is equivalent to running openssl pkcs12 -nodes to split a PFX into key and cert.
Is my .pfx or its password uploaded?
No. Parsing and decryption happen entirely in your browser with JavaScript; the file and password never leave your device.
What if the file has no private key?
Some PKCS#12 files contain only certificates. The tool will still list the certificates and simply report that no private key is present.
Why does it say the password is incorrect?
PKCS#12 files include a MAC that is checked against the password. If it does not match, the file cannot be decrypted - double-check the export password.