Knowledge Base
Converting a PFX file for use with Apache
You may required to install a same certificate on multiple servers. For example, a Wildcard Certificate can be used to secure multiple servers on the sub domain level. In such cases, you can export the certificate from one server to another in PKCS#12 format. You can directly install the PKCS#12 format on Windows based servers, but you need to convert them into PEM format when using with Linux based servers, like Apache, NGINX,etc. This article will help you convert the PKCS#12 ( PFX/P12) file into a Base 64 Encoded x509 (PEM) format.
You can now use 'yourDomain.crt', 'server.key' and the 'CABundle.crt' to configure SSL on the Linux Based servers.
Extracting the Server Certificate from PKCS#12
$ openssl pkcs12 -in filename.pfx -clcerts -nokeys | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > yourDomain.crtExtracting the Private Key from PKCS#12
$ openssl pkcs12 -in filename.pfx -nocerts -nodes | sed -ne '/-BEGIN PRIVATE KEY-/,/-END PRIVATE KEY-/p' > server.keyExtracting the CA Certificate Chain / Bundle from PKCS#12
$ openssl pkcs12 -in filename.pfx -cacerts -nokeys -chain | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > CABundle.crtYou can now use 'yourDomain.crt', 'server.key' and the 'CABundle.crt' to configure SSL on the Linux Based servers.
Need assistance?
Contact our team for help with your purchase or issuing your certificate.
Live chat
Click the button below or click "Chat with an Expert" to start chatting with us now!
