How can I convert a PFX certificate file for use with Apache on a linux server

Question

How can I convert a PFX certificate file for use with Apache on a linux server   I created the PFX from Windows Certificate Services  The PFX contains the entire certificate chain   Which is just a root and the main cert  no intermediate    Lead me  wise ones

User · Answer

To get it to work with Apache  we needed one extra step   openssl pkcs12 -in domain pfx -clcerts -nokeys -out domain cer openssl pkcs12 -in domain pfx -nocerts -nodes  -out domain encrypted key openssl rsa -in domain encrypted key -out domain key   The final command decrypts the key for use with Apache  The domain key file should look like this   -----BEGIN RSA PRIVATE KEY----- MjQxODIwNTFaMIG0MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDFAMD4GA1UECxQ3d3d3 LmVudHJ1c3QubmV0L0NQU18yMDQ4IGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxp YWIuKTElMCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEG A1UEAxMqRW50cnVzdC5uZXQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgKDIwNDgp MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArU1LqRKGsuqjIAcVFmQq -----END RSA PRIVATE KEY-----

User · Answer

With OpenSSL you can convert pfx to Apache compatible format with next commands   openssl pkcs12 -in domain pfx -clcerts -nokeys -out domain cer openssl pkcs12 -in domain pfx -nocerts -nodes  -out domain key      First command extracts public key to domain cer  Second command extracts private key to domain key   Update your Apache configuration file with     lt VirtualHost 192 168 0 1 443 gt        SSLEngine on  SSLCertificateFile  path to domain cer  SSLCertificateKeyFile  path to domain key       lt  VirtualHost gt

User · Answer

Additionally to   openssl pkcs12 -in domain pfx -clcerts -nokeys -out domain cer openssl pkcs12 -in domain pfx -nocerts -nodes  -out domain key   I also generated Certificate Authority  CA  certificate   openssl pkcs12 -in domain pfx -out domain-ca crt -nodes -nokeys -cacerts   And included it in Apache config file    lt VirtualHost 192 168 0 1 443 gt        SSLEngine on  SSLCertificateFile  path to domain cer  SSLCertificateKeyFile  path to domain key  SSLCACertificateFile  path to domain-ca crt       lt  VirtualHost gt

User · Answer

SSLSHopper has some pretty thorough articles about moving between different servers   http   www sslshopper com how-to-move-or-copy-an-ssl-certificate-from-one-server-to-another html  Just pick the relevant link at bottom of this page   Note  they have an online converter which gives them access to your private key  They can probably be trusted but it would be better to use the OPENSSL command  also shown on this site  to keep the private key private on your own machine

User · Answer

Took some tooling around but this is what I ended up with    Generated and installed a certificate on IIS7   Exported as PFX from IIS  Convert to pkcs12  openssl pkcs12 -in certificate pfx -out certificate cer -nodes   NOTE  While converting PFX to PEM format  openssl will put all the Certificates and Private Key into a single file  You will need to open the file in Text editor and copy each Certificate  amp  Private key including the BEGIN END statements  to its own individual text file and save them as certificate cer  CAcert cer  privateKey key respectively   -----BEGIN PRIVATE KEY----- Saved as certificate key -----END PRIVATE KEY-----  -----BEGIN CERTIFICATE----- Saved as certificate crt -----END CERTIFICATE-----   Added to apache vhost w  Webmin

[apache] How can I convert a PFX certificate file for use with Apache on a linux server?

Examples related to apache

Examples related to ssl