Extract DER format x.509 public certificate from IIS 4 pfx

IIS 4 certificate files usually contain both the private key and public certificate for SSL. To convert these to RSA private key and x.509 public certificates from NET to DER format, you need to manually edit the binary key file as documented on Thawte’s site <http://www.thawte.com/html/SUPPORT/server/msiis4.html> then run the following OpenSSL commands:

Eck…no thanks. The Thawte site skips over pulling out the public certificate (yes, I know you could actually just get the certificate from within a browser, but do that for 50+ certificates). Anyway, the following Perl script locates the magic hex number “30 82” followed closely by the string certificate0, copies the file from that point on to a tmp file, and then makes a system call to OpenSSL (which must be in your path on the Windows platform) to convert it to x.509 format. Example:

Where file1.key etc. are the IIS4 pfx key files from which to extract the public crt in DER format. Get a copy of OpenSSL for Windows <http://gnuwin32.sourceforge.net/packages/openssl.htm>. Make sure to rename the two dll files under the bin directory before running the script.
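The marker search described above, as an added Python example (not the original Perl script). It goes one step further than copying to end of file: it assumes the trailing "0" of certificate0 is byte 0x30, the SEQUENCE tag of the wrapped certificate, and cuts that element at its declared DER length. `MAX_GAP`, the function names and the sample bytes are constructed for illustration.

```python
MARKER = b"certificate0"  # "certificate" + 0x30; assumed to be the tag of the wrapped cert
MAX_GAP = 8               # hypothetical bound on "followed closely"

def der_len(buf, pos):
    """Return (header_size, content_length) for the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    first = buf[pos + 1]
    if first < 0x80:                      # short form
        return 2, first
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or n > 4 or pos + 2 + n > len(buf):
        raise ValueError("unsupported or truncated DER length")
    return 2 + n, int.from_bytes(buf[pos + 2:pos + 2 + n], "big")

def find_wrapper(blob):
    """Offset of the 30 82 header closely followed by the marker string."""
    start = 0
    while (hit := blob.find(MARKER, start)) != -1:
        pos = blob.rfind(b"\x30\x82", max(0, hit - MAX_GAP), hit)
        if pos != -1:
            return pos
        start = hit + 1
    raise ValueError("no 30 82 header near 'certificate0'")

def extract_cert(blob):
    """Return the wrapped certificate as bare DER, cut at its declared length."""
    outer = find_wrapper(blob)
    inner = blob.index(MARKER, outer) + len(MARKER) - 1   # the 0x30 byte
    o_hdr, o_len = der_len(blob, outer)
    i_hdr, i_len = der_len(blob, inner)
    end = inner + i_hdr + i_len
    if end > len(blob) or end > outer + o_hdr + o_len:
        raise ValueError("declared length runs past the wrapper or the file")
    return blob[inner:end]

def sample_key_file():
    """Constructed input: junk, wrapper, 300-byte placeholder 'certificate', junk."""
    cert = b"\x30\x82" + (300).to_bytes(2, "big") + bytes(300)
    body = b"\x04\x0b" + b"certificate" + cert
    wrapper = b"\x30\x82" + len(body).to_bytes(2, "big") + body
    return b"\x00" * 16 + wrapper + b"\xff" * 32, cert

if __name__ == "__main__":
    blob, expected = sample_key_file()
    print(find_wrapper(blob), extract_cert(blob) == expected)
```

Cutting at the declared length keeps any bytes that follow the certificate in the key file out of the output, and a truncated or mismatched file raises an error instead of producing a partial certificate.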