Exporting PFX certificate to PEM via openssl.exe

We’ve just trying to export PFX format certificate to PEM format using openssl.exe (to be able to use it with Caddy server). The problem is that resulting .pem file contains unnecessary root certificate (moreover in bad order) so SSL Labs Report says:

Chain issue: Incorrect order, Contains anchor

The command-line we use:
openssl.exe pkcs12 -in certificate.pfx -nocerts -out certificate.key.pem
openssl.exe pkcs12 -in certificate.pfx -nokeys -out certificate.pem

The only solution we’ve found is to manually edit the certificate.pem file and remove the unnecessary root certificate block from that. After that SSL Labs Report doesn’t complain about chain issue and everything with Caddy server looks fine.

But manual text file edit doesn’t seem to be clear solution. Any ideas how to export only my own certificate together with intermediate (and without root) certificate?

Manual edit these days looks like … ergh… :confused:

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.