Monday 1 February 2016

Convert a PFX to PEM format for Apache / NGINX

This can be performed with OpenSSL:
openssl pkcs12 -in domain.pfx -clcerts -nokeys -out domain.cer
openssl pkcs12 -in domain.pfx -nocerts -nodes  -out domain.key  
Or to get all certificates (including intermediaries, root etc.) and private key we can issue:
openssl pkcs12 -in domain.pfx -out everything.pem –nodes
Copy the files to:


and ensure the appropriate permissions are set:
chown -R root:root /etc/apache2/ssl
chmod 700 /etc/apache2/ssl
chmod 600 /etc/apache2/ssl/*
I prefer to keep organization specific certificates separely from the system ones - but for reference you can also copy them to:


Post a Comment