PKCS#12 archives (commonly known as .pfx files) usually contain both a certificate and its private key, sometimes with password protection. In order to use these with a server like nginx or Apache, we need to extract these objects and convert them using openssl.
(The commands below assume your file is named certificate.pfx.)
Extracting the private key
openssl pkcs12 -in certificate.pfx -out private.key -nocerts -nodes
Extracting the PEM certificate
openssl pkcs12 -in certificate.pfx -out cert.pem -clcerts -nokeys
Extracting intermediate certificates
openssl pkcs12 -in certificate.pfx -out ca.pem -clcerts -nokeys
Alternatively, you could use a tool like https://whatsmychaincert.com to generate this based on your public certificate.
Enjoy this article?
Support my open-source work via Github or follow me on Twitter for more blog posts and other interesting articles from around the web. I'd also love to hear your thoughts on this post - simply drop a comment below!
