convert PFX file to Cert and Private Key

Posted on 12:53 PM by Bharathvn

This tips will help you to extract Server crt and Private key from PFX certificate.

Make sure you have installed OPENSSL on the system and follow the steps mentioned below

To convert the .pfx file to a file that your Apache server will understand Run the following command using OPENSSL:

1. To export the Private key file from the .pfx file

openssl pkcs12 -in filename.p12 -nocerts -out privatekey.key

2. To export the Certificate file from the .pfx file
openssl pkcs12 -in filename.p12 -clcerts -nokeys -out sslcert.crt

Remove passphrase from Certificate

You'll need to remove the encryption from the server's private key. First look up where it is, look for "SSLCertificateKeyFile" in your /etc/httpd/conf/httpd.conf.

Then do "openssl rsa -in oldprivatekey.key -out " newprivatekey.key

As choose a different filename. Now change the httpd.conf file so "SSLCertificateKeyFile" points to the newly created file.

Note that, if this private key is stolen, your server is no longer secure, since the key is now no longer protected by a passphrase!
Copy Certs to respective directories in apache and restart apache server.

You are done!