Extract private key from existing pfx file:
openssl pkcs12 -in star.pfx -out starkey.pem -nocerts
Download renewed certificate and create pfx file by combining the new cert with the extracted key:
openssl pkcs12 -export -inkey starkey.pem -in 8027249b80e4614c.crt -out newstar.pfx
new-star.pfx now contains the new certificate and its private key.
Extract public key from file:
openssl pkcs12 -in star.pfx -out starcert.pem -nokeys
Remove encryption from private key (if you really must):
openssl rsa -in starkey.pem -out starkeyunencrypted.pem -nocerts
Show certificate content.
openssl x509 -noout -text -in mycert.cer
Test a TLS connection, get certificate from server:
openssl s_client -connect sip.pstnhub.microsoft.com:5061