diff --git a/certfields/Makefile b/certfields/all-fields/Makefile similarity index 50% rename from certfields/Makefile rename to certfields/all-fields/Makefile index 602d6586..f54c9580 100644 --- a/certfields/Makefile +++ b/certfields/all-fields/Makefile @@ -1,6 +1,8 @@ CC=gcc -CFLAGS=-Wall -LIBS= -lwolfssl +WOLFPATH=/usr/local + +CFLAGS=-I$(WOLFPATH)/include -Wall +LIBS=-L$(WOLFPATH)/lib -lwolfssl app: main.o $(CC) -o $@ $^ $(CFLAGS) $(LIBS) diff --git a/certfields/README.md b/certfields/all-fields/README.md similarity index 96% rename from certfields/README.md rename to certfields/all-fields/README.md index 7ccc0462..38726aad 100644 --- a/certfields/README.md +++ b/certfields/all-fields/README.md @@ -25,7 +25,7 @@ Next, run the example app with a cert of your choice: EXAMPLE A: ``` -$ ./app ../certs/ca-cert.der RSA +$ ./app ../../certs/ca-cert.der RSA PUBLIC KEY: 3082010A0282010100BF0CCA2D14B21E84425BCD381F4AF24D7510F1B6359FDFCA7D0398D3ACDE0366EE2AF1D8B07D6E07540B1098214D80CB1220E7CC4FDE457DC9727732EACA90BB695210032FA8F395C5F18B62561BEF676FA4104195AD0A9BE3A5C0B0D2707650305BA8E8082C7CEDA7A27A8D38291CACC7EDF27C95B095827D495C38CD7725EFBD807553943C3DCA635B9F15B5D31D132F19D13CDB763ACCB87DC9E5C2D7DA406FD821DC731B422D539CFE1AFC7DAB7A363F98DE847C0567CE6A143887A9F18CB568CB687F71202BF5A063F5562FA326D2B76FB15A17D7389908FE93586FFEC3134908160BA74D6700523167234E98ED51451DB904D90BECD828B34BBDED36790203010001 SIG TYPE = 655 @@ -44,7 +44,7 @@ EXAMPLE B: (Assuming you've built and run the certgen_with_altnames example from NOTE: Must configure with `--enable-opensslall` to see the IP address output! ``` -$ ./app ../certgen/newCert.der ECC +$ ./app ../../certgen/newCert.der ECC PUBLIC KEY: 3059301306072A8648CE3D020106082A8648CE3D03010703420004DC0E533A07160404DDA2D28685F8AB10880A1C17556443BE71C113BF5888268866187D976CB444CDE848C3AA6802251BF1FD2582FF1285BE869F5592ADD60C5D SIG TYPE = 524 
diff --git a/certfields/main.c b/certfields/all-fields/main.c similarity index 96% rename from certfields/main.c rename to certfields/all-fields/main.c index 0aeaf09e..7d01624e 100644 --- a/certfields/main.c +++ b/certfields/all-fields/main.c @@ -32,6 +32,7 @@ #include #include +#ifdef OPENSSL_EXTRA enum { RSA_KEY_TYPE = 2, ECC_KEY_TYPE = 3, @@ -46,10 +47,12 @@ static void err_sys(const char* msg, int ret) } exit(EXIT_FAILURE); } +#endif int main(int argc, char** argv) { int ret, i; +#ifdef OPENSSL_EXTRA int sigType; int nameSz; int derCertSz; @@ -187,7 +190,13 @@ int main(int argc, char** argv) wolfSSL_EVP_PKEY_free(pubKeyTmp); wolfSSL_X509_free(cert); - - return 0; + wc_FreeRsaKey(&pubKeyRsa); + wc_ecc_free(&pubKeyEcc); +#else + (void) i; + printf("Please configure wolfSSL with --enable-opensslextra\n"); + ret = -1; +#endif + return ret; } diff --git a/certfields/extract-pubkey-from-certfile/Makefile b/certfields/extract-pubkey-from-certfile/Makefile new file mode 100644 index 00000000..a9f440c4 --- /dev/null +++ b/certfields/extract-pubkey-from-certfile/Makefile @@ -0,0 +1,13 @@ +CC=gcc + +WOLFPATH=/usr/local +CFLAGS= -I$(WOLFPATH)/include -Wall +LIBS= -L$(WOLFPATH)/lib -lwolfssl + +app: main.o + $(CC) -o $@ $^ $(CFLAGS) $(LIBS) + +.PHONY: clean + +clean: + rm -f *.o app diff --git a/certfields/extract-pubkey-from-certfile/README.md b/certfields/extract-pubkey-from-certfile/README.md new file mode 100644 index 00000000..6f1d8bf0 --- /dev/null +++ b/certfields/extract-pubkey-from-certfile/README.md 
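Review bot: The cleanup added in the last all-fields/main.c hunk calls `wc_FreeRsaKey(&pubKeyRsa);` and `wc_ecc_free(&pubKeyEcc);` unconditionally, and nothing visible in the hunks shows both structures being initialised. The code between the hunks is not shown, but if main() only initialises the structure matching the RSA/ECC argument, the other free runs on an uninitialised stack object. Either initialise both up front or guard each free with the same `RSA_KEY_TYPE` / `ECC_KEY_TYPE` test used for decoding. Separately, `return ret;` replaces `return 0;`, so the success path now returns whatever the last wolfSSL call left in `ret`; if any of those calls return a positive size on success, the exit status becomes non-zero, and a `ret = 0;` before the cleanup would pin it.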
@@ -0,0 +1,24 @@
+# wolfSSL X509 Field Extraction Example
+
+Example of parsing a DER encoded self-signed certificate and extracting
+public key and subject name information.
+
+## Compiling and Running the Example
+
+To compile, first build wolfSSL with the OpenSSL compatibilty layer enabled:
+
+```
+$ cd wolfssl-X.X.X
+$ ./configure --enable-opensslextra
+$ make
+$ sudo make install
+```
+
+Then, compile the example app:
+
+```
+$ make
+$ ./app
+```
+
+For support, please contact support@wolfssl.com
diff --git a/certfields/extract-pubkey-from-certfile/main.c b/certfields/extract-pubkey-from-certfile/main.c
new file mode 100644
index 00000000..1dcf3642
--- /dev/null
+++ b/certfields/extract-pubkey-from-certfile/main.c
@@ -0,0 +1,86 @@ +/* main.c + * + * Copyright (C) 2006-2020 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* + * Example of parsing a DER-encoded certificate and extracting + * public key + * + */ + +#include +#include +#include +#include +#include +#include + +int main(void) +{ + int ret = -1; +#ifdef OPENSSL_EXTRA + WOLFSSL_X509* x509cert; + WOLFSSL_EVP_PKEY* pubKeyTmp; + RsaKey pubKey; + char* certFName = "../../certs/client-cert.pem"; + word32 idx = 0; + int i; + + (void) idx; + + x509cert = wolfSSL_X509_load_certificate_file(certFName, WOLFSSL_FILETYPE_PEM); + if (x509cert == NULL) { + printf("Failed to load cert, abort!\n"); + return ret; + } + printf("Loaded cert successfully\n"); + + pubKeyTmp = wolfSSL_X509_get_pubkey(x509cert); + if (pubKeyTmp == NULL) { + printf("Failed to extract public key, abort!\n"); + return ret; + } + printf("Extracted public key successfully\n"); + + /* setup a key structure to receive the extracted key */ + wc_InitRsaKey(&pubKey, 0); + ret = wc_RsaPublicKeyDecode((byte*)pubKeyTmp->pkey.ptr, &idx, &pubKey, + (word32) pubKeyTmp->pkey_sz); + if (ret != 0) { + printf("Failed to decode public key from pubKeyTmp, abort!\n"); + return ret; + } + printf("Succesfully decoded public key\n"); + + printf("PUBLIC 
KEY:\n"); + for (i = 0; i < pubKeyTmp->pkey_sz; i++) { + printf("%02X", pubKeyTmp->pkey.ptr[i] & 0xFF); + } printf("\n"); + + + wolfSSL_EVP_PKEY_free(pubKeyTmp); + wolfSSL_X509_free(x509cert); + wc_FreeRsaKey(&pubKey); +#else + printf("Please configure wolfssl with --enable-opensslextra to try using\n" + "this example\n"); +#endif + return ret; +}
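Review bot: Every early `return ret;` after the certificate load in the new main() leaks what was acquired before it: the `wolfSSL_X509_get_pubkey` failure path skips `wolfSSL_X509_free(x509cert)`, and the `wc_RsaPublicKeyDecode` failure path skips all three frees at the bottom. The return value of `wc_InitRsaKey(&pubKey, 0)` is also ignored. In addition, `pubKeyTmp->pkey.ptr` goes to the RSA decoder without a check that the certificate's key is RSA, which matters as soon as `certFName` points at anything other than the hard-coded client cert. Since this is an example people copy into their own code, the failures should go through one cleanup tail as sketched below. `certFName` should be `const char*`, and the `(void) idx;` can go because `idx` is used.

```c
    WOLFSSL_X509* x509cert = NULL;
    WOLFSSL_EVP_PKEY* pubKeyTmp = NULL;
    int rsaInit = 0; /* set once wc_InitRsaKey has succeeded */
    /* … unchanged: remaining declarations, certificate load … */

    pubKeyTmp = wolfSSL_X509_get_pubkey(x509cert);
    if (pubKeyTmp == NULL) {
        printf("Failed to extract public key, abort!\n");
        goto cleanup;
    }

    /* setup a key structure to receive the extracted key */
    ret = wc_InitRsaKey(&pubKey, 0);
    if (ret != 0) {
        printf("Failed to init RSA key, abort!\n");
        goto cleanup;
    }
    rsaInit = 1;

    ret = wc_RsaPublicKeyDecode((byte*)pubKeyTmp->pkey.ptr, &idx, &pubKey,
                                (word32) pubKeyTmp->pkey_sz);
    if (ret != 0) {
        printf("Failed to decode public key from pubKeyTmp, abort!\n");
        goto cleanup;
    }
    /* … unchanged: success message and hex dump of the key … */

cleanup:
    if (rsaInit)
        wc_FreeRsaKey(&pubKey);
    if (pubKeyTmp != NULL)
        wolfSSL_EVP_PKEY_free(pubKeyTmp);
    if (x509cert != NULL)
        wolfSSL_X509_free(x509cert);
```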