Convertir un certificado *.p12 a *.pem y *.crt

-----------
Crear *.pem
-----------
import tempfile
import OpenSSL.crypto
import base64

t_pem = tempfile.NamedTemporaryFile(
            prefix='private_', suffix='.pem', delete=False,
            dir='/home/user/certificado/')

p12 = OpenSSL.crypto.load_pkcs12(open('/home/user/certificado/sello_entidad_act.p12', 'rb').read(), 'laclave')
f_pem = open(t_pem.name, 'wb')
f_pem.write(OpenSSL.crypto.dump_privatekey(
                OpenSSL.crypto.FILETYPE_PEM, p12.get_privatekey()))
f_pem.close()
------------
Crear *.crt
------------
t_crt = tempfile.NamedTemporaryFile(
            prefix='public_', suffix='.crt', delete=False,
            dir='/home/user/certificado/')

p12 = OpenSSL.crypto.load_pkcs12(open('/home/user/certificado/sello_entidad_act.p12', 'rb').read(), 'laclave')
f_crt = open(t_crt.name, 'wb')
f_crt.write(OpenSSL.crypto.dump_certificate(
                OpenSSL.crypto.FILETYPE_PEM, p12.get_certificate()))
f_crt.close()

==========================

Si no se quiere usar OpenSSL también se puede usar:

from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.serialization import pkcs12,Encoding
from pathlib import Path

outputDirectory = '/home/user/certificado/'

certFileName = "pubic_cert.crt"
encryptedPrivateKeyFileName = "private_key_encrypted.pem"

# Ruta del archivo PKCS#12 (.p12)
p12_file_path = '/home/user/certificado/Public/sello_entidad.p12'

# Contraseña del archivo PKCS#12
p12_password = 'clave'

certPath = Path(outputDirectory) / certFileName
encryptedPrivateKeyFilePath = Path(outputDirectory) / encryptedPrivateKeyFileName

with open(p12_file_path, 'rb') as pfxFile:
        (privatekey, certificate, cas) = pkcs12.load_key_and_certificates(pfxFile.read(), p12_password.encode('utf-8'))

epk_str = privatekey.private_bytes(encoding=Encoding.PEM,
            format=serialization.PrivateFormat.PKCS8,
            encryption_algorithm=serialization.BestAvailableEncryption(p12_password.encode('utf-8'))).decode()

cert = certificate.public_bytes(Encoding.PEM)
cert_str = certificate.public_bytes(Encoding.PEM).decode()

with open(certPath, 'w') as certFile:
            certFile.write(cert_str.strip())
            print(f"Wrote {certPath}")

with open(encryptedPrivateKeyFilePath, 'w') as encryptedKey:
            encryptedKey.write(epk_str.strip())
            print(f"Wrote {encryptedPrivateKeyFilePath}")