How to convert pfx certificate to Apache pem

Apache server requires the following two files for SSL configuration:

1 – Server.key : the private key associated with the certificate
2 – Server.crt :  the public SSL certificate issued by trusted authority

If you have one .pfx file instead of two above (in fact the .pfx is certificate + private key combined into one file) you can extract the private key from pfx and convert pfx to pem using OpenSSL with the following commands:

Convert pfx to pem in Linux

To extract the private key from a .pfx file, run the following OpenSSL command:

This command extracts encrypted private key. To unencrypt it you will need the following command:

The resulting private.pem file will be the unencrypted key file that you want. Open it up using notepad to make sure there is not additional information showing up as text in the file. There may be some additional lines displaying the DN and Bag Attributes. Remove all of this from the file so that you end up with something like this:

You can now use this as your Server.key file on your Apache Server.

To get the corresponding Server Certificate, you will run the following OpenSSL command:

You can now use the resulting file as your Server.crt file in Apache.

Convert pfx to pem in Windows

For Windows all the commands above will be the same but you will need to use full path to openssl.exe unless it is in the PATH variable.

Nginx and intermediate certificates chain in crt file

Please check Nginx SSL error key values mismatch article to know the correct order of certificates inside .crt for Nginx

Good luck!


Want me to do this for you? Drop me a line: itgalaxyzzz {at} gmail [dot] com