Windows uses .pfx
for a PKCS #12 file. PFX stands for Personal eXhange Format. This is like a bag containing multiple cryptographic information. It can store private keys, certificate chains, certificates and root authority certificates. It is password protected to preserve the integrity of the contained data.
In order to install it on our apache/nginx web server we need to convert it PEM.
How To Install A .pxf Windows SSL Certificate On Your Linux Web Server
Upload first the .pfx
to your linux server. You will need OpenSSL installed.
On Centos run:
yum install openssl
On Ubuntu run:
sudo apt-get update sudo apt-get install openssl
To decript the .pfx
use:
openssl pkcs12 -in cert.pfx -out cert.pem
You will be prompted for the password that was used to encrypt the certificate. After providing it, you will need to enter a new password that will encrypt the private key.
The .pem
file resulted will contain the encrypted public key, the certificate and some other information we will not use.Copy the key from inside and paste it to a new .key
file.
Also copy the certificate from the .pem
and put it in a new .cert
file.
Remember to copy the whole blocks, including the dashed lines.
The private key file is still encrypted, so we have to decrypt it with:
openssl rsa -in cert.key -out cert.key
You will now be prompted for the password you set to encrypt the key. This will decrypt the private key file to itself.
To install the certificate to Nginx, you will need to import your .key
and .cert
in Nginx configuration file like this:
ssl_certificate /path/to/your/cert.pem; ssl_certificate_key /path/to/your/cert.key;
For Apache use:
SSLCertificateFile /path/to/your/cert.pem; SSLCertificateKeyFile /path/to/your/cert.key;