Windows uses .pfx for a PKCS #12 file. PFX stands for Personal eXhange Format. This is like a bag containing multiple cryptographic information. It can store private keys, certificate chains, certificates and root authority certificates. It is password protected to preserve the integrity of the contained data.
In order to install it on our apache/nginx web server we need to convert it PEM.
Upload first the .pfx to your linux server. You will need OpenSSL installed.
On Centos run:
yum install openssl
On Ubuntu run:
sudo apt-get update sudo apt-get install openssl
To decript the .pfx use:
openssl pkcs12 -in cert.pfx -out cert.pem
You will be prompted for the password that was used to encrypt the certificate. After providing it, you will need to enter a new password that will encrypt the private key.
The .pem file resulted will contain the encrypted public key, the certificate and some other information we will not use.Copy the key from inside and paste it to a new .key file.
Also copy the certificate from the .pem and put it in a new .cert file.
Remember to copy the whole blocks, including the dashed lines.
The private key file is still encrypted, so we have to decrypt it with:
openssl rsa -in cert.key -out cert.key
You will now be prompted for the password you set to encrypt the key. This will decrypt the private key file to itself.
To install the certificate to Nginx, you will need to import your .key and .cert in Nginx configuration file like this:
ssl_certificate /path/to/your/cert.pem; ssl_certificate_key /path/to/your/cert.key;
For Apache use:
SSLCertificateFile /path/to/your/cert.pem; SSLCertificateKeyFile /path/to/your/cert.key;