An Apache server requires the following two files for SSL configuration:
1 – Server.key: the private key associated with the certificate
2 – Server.crt: the public SSL certificate issued by a trusted authority
If you have a single .pfx file instead of the two files above (a .pfx is the certificate and the private key combined into one file), you can extract the private key from the .pfx and convert the .pfx to PEM using OpenSSL with the following commands:
Convert pfx to pem in Linux
To extract the private key from a .pfx file, run the following OpenSSL command:
openssl pkcs12 -in myCert.pfx -nocerts -out privateKey.pem
This command extracts the private key in encrypted form. To decrypt it, run the following command:
openssl rsa -in privateKey.pem -out private.pem
The resulting private.pem file will be the unencrypted key file that you want. Open it in Notepad to make sure no additional information shows up as text in the file. There may be some additional lines displaying the DN and Bag Attributes. Remove all of this from the file so that you end up with something like this:
-----BEGIN RSA PRIVATE KEY-----
j/L6vFFXzSHhhMIIRogvwIOMFbL2G1A1H7MokLwnEsm0UckgBTRVa2bsV4Y4kffV
jljcMlznHXb7WRVPU6BAZGBWLElQjFuqoX5GTLnyrIUnLtEjWtzToVH3P7dq6yjk
A34ga07NChk6PUVlstIePrywQwXGOKsCqSHXpwIDAQABAoIBAG6EMVyo0BMCNQfm
IiyhSYWSLqLozXeVbtH5+ddzhyVkElSc/1iprPuBL8WD/eQ8Dq29Zj40ZBJtWuXn
HRkhs8VwztO+IeGQEzd0DIp9LK+3nGoakrKn+XjlfIBqZRvRPDzHZ6hVJUj9ieJ7
tRMTL/uXQF7lf8ScyP4NFUlHNnlhX7LCrMlJEf7PwWaC/zrDLxR5RnJd0Ch3ecfe
nYfP3BYrNpJAlnWIeQcXr8Ob8Fz5qMi2apj72R+FGtvymOq0676788sSsTasdMXs
-----END RSA PRIVATE KEY-----
You can now use this as your Server.key file on your Apache Server.
To get the corresponding server certificate, run the following OpenSSL command:
openssl pkcs12 -in myCert.pfx -clcerts -nokeys -out EntrustCert.pem
You can now use the resulting file as your Server.crt file in Apache.
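The steps above as one non-interactive script, added here as an example and not part of the original article: it reads the PFX password from an environment variable, creates the key file with owner-only permissions, and checks that Server.key and Server.crt carry the same public key. The names pfx_to_pem, key_matches_cert, make_sample_pfx and PFX_PASS are assumptions of this example, and the sample PFX is a throwaway generated on the spot.

```bash
#!/usr/bin/env bash
# Added example, not from the original article. File names follow the article;
# the function names and the PFX_PASS variable are choices made for this sketch.

# True only if the private key ($1) and the certificate ($2) share a public key.
key_matches_cert() {
    local k c
    k=$(openssl pkey -in "$1" -pubout) &&
        c=$(openssl x509 -in "$2" -noout -pubkey) && [ "$k" = "$c" ]
}

# pfx_to_pem <file.pfx> <outdir>: writes Server.key and Server.crt into <outdir>.
# The password is read from $PFX_PASS, so it never shows up in the process list.
pfx_to_pem() {
    local pfx="$1" out="$2"
    export PFX_PASS
    (
        umask 077   # the unencrypted key must be readable by its owner only
        # pkcs12 emits the key encrypted; "openssl rsa" decrypts and re-encodes
        # it, which also drops the Bag Attributes text.
        openssl pkcs12 -in "$pfx" -nocerts -passin env:PFX_PASS -passout env:PFX_PASS |
            openssl rsa -passin env:PFX_PASS -out "$out/Server.key"
    ) || return 1
    # Server certificate only; "openssl x509" re-encodes it without attributes.
    openssl pkcs12 -in "$pfx" -clcerts -nokeys -passin env:PFX_PASS |
        openssl x509 -out "$out/Server.crt" || return 1
    key_matches_cert "$out/Server.key" "$out/Server.crt"
}

# Constructed sample input: a throwaway self-signed certificate packed as a PFX.
make_sample_pfx() {
    export PFX_PASS
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=example.test" -days 1 \
        -keyout "$1/k.pem" -out "$1/c.pem" 2>/dev/null &&
        openssl pkcs12 -export -inkey "$1/k.pem" -in "$1/c.pem" \
            -passout env:PFX_PASS -out "$1/myCert.pfx"
}

if [ "$#" -eq 2 ]; then          # real use: PFX_PASS=... ./script myCert.pfx outdir
    pfx_to_pem "$1" "$2"
else                             # no arguments: run on the constructed sample
    tmp=$(mktemp -d) && PFX_PASS=constructed-pass &&
        make_sample_pfx "$tmp" && pfx_to_pem "$tmp/myCert.pfx" "$tmp" &&
        echo "Server.key matches Server.crt"
    rm -rf "$tmp"
fi
```

A non-zero exit from pfx_to_pem means either a wrong password or a key that does not belong to the extracted certificate, which is the condition behind the Nginx "key values mismatch" error mentioned below.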
Convert pfx to pem in Windows
On Windows all of the commands above are the same, but you will need to use the full path to openssl.exe unless it is in the PATH variable.
Nginx and intermediate certificates chain in crt file
See the article "Nginx SSL error key values mismatch" for the correct order of certificates inside the .crt file for Nginx.
Good luck!