I have a .pfx file that I exported from Windows Server 2008. It includes the private key and certificate chain.

Using openssl I've been able to extract the private key and public certificate but I also need the full certificate authority chain. How can this part be extracted?

The purpose is to move the certificate to an AWS EC2 Load Balancer. The only way I've been able to do this so far is by exporting the chain certificates using Chrome.


With the pkcs12 context in openssl you can specify what components you want from the pfx file. If you don't want the signed certificate but just issuer certificates, try this:

openssl pkcs12 -in mycerts.pfx -nokeys -cacerts -out myissuercerts.cer
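
The extraction described above, carried through end to end as an added example that is not part of the original answer: it builds a throwaway PFX, splits it into a leaf file and a chain file without ever writing the private key, and checks that the two fit together. The file names, subject names, the password `demo` and the helper functions `build_demo_pfx` and `split_pfx` are all constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Added example. File names, subjects and the password "demo" are constructed.
set -eu

# Build test data: root -> intermediate -> leaf, bundled into demo.pfx.
build_demo_pfx() {
  d=$1
  printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
  for name in root inter leaf; do
    openssl req -new -newkey rsa:2048 -nodes -keyout "$d/$name.key" \
      -subj "/CN=Demo $name" -out "$d/$name.csr" 2>/dev/null
  done
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" \
    -extfile "$d/ca.ext" -days 2 -out "$d/root.pem" 2>/dev/null
  openssl x509 -req -in "$d/inter.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -extfile "$d/ca.ext" -days 2 -out "$d/inter.pem" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/inter.pem" -CAkey "$d/inter.key" \
    -CAcreateserial -days 2 -out "$d/leaf.crt" 2>/dev/null
  cat "$d/inter.pem" "$d/root.pem" > "$d/ca-bundle.pem"
  openssl pkcs12 -export -inkey "$d/leaf.key" -in "$d/leaf.crt" \
    -certfile "$d/ca-bundle.pem" -passout pass:demo -out "$d/demo.pfx"
}

# split_pfx PFX PASSWORD OUTDIR: writes leaf.pem and chain.pem into OUTDIR
# and prints the number of certificates in chain.pem.
split_pfx() {
  pfx=$1; pass=$2; out=$3
  # -nokeys keeps the private key out of both files.
  openssl pkcs12 -in "$pfx" -passin "pass:$pass" -nokeys -clcerts \
    | openssl x509 -out "$out/leaf.pem"
  # -cacerts selects only the issuer certificates; sed drops the
  # "Bag Attributes" text that pkcs12 prints between PEM blocks.
  openssl pkcs12 -in "$pfx" -passin "pass:$pass" -nokeys -cacerts \
    | sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' \
    > "$out/chain.pem"
  grep -c 'BEGIN CERTIFICATE' "$out/chain.pem" || true
}

work=$(mktemp -d)
build_demo_pfx "$work"
n=$(split_pfx "$work/demo.pfx" demo "$work")
echo "chain certificates: $n"
# Consistency check only: the extracted chain is used as the trust store here.
openssl verify -CAfile "$work/chain.pem" "$work/leaf.pem"
```

For a real PFX, passing the password as `-passin env:NAME` keeps it out of the process list and shell history.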