Openssl Generate Crt And Key From Pfx
Posted By admin On 15.12.20
- Nov 19, 2014: In some cases, you need to export the private key of a '.pfx' certificate in a '.pvk' file and the certificate in a '.cer' file. For example: to generate certificates with makecert but by using your certification authority created on Windows Server.
- Apr 18, 2013: Combine CRT and KEY Files into a PFX with OpenSSL. Say for example you have a .crt and a .key file which had the private key in it.
- The commands below demonstrate examples of how to create a .pfx/.p12 file in the command line using OpenSSL: PEM (.pem, .crt, .cer) to PFX: openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile more.crt
When multiple servers need to use the same SSL certificate, such as in a load-balancer environment or with a wildcard SSL certificate, you will need to transfer the certificate between the servers. Normally, a server-to-server SSL transfer is easy if it's between servers of the same kind, like Linux servers or Windows servers.
But the process becomes a bit harder when it goes from a Windows server to a Linux server. In this case, we need to export the SSL certificate from the Windows server and store it in a .pfx file. After that, we need to copy this .pfx (PKCS#12) file to the Linux server, convert it to the Apache-compatible format of an individual certificate, CA bundle and private key file, and use those.
This may also be necessary when you switch hosting companies. I will explain the exact process with step-by-step instructions in this article on how you can successfully use a .pfx certificate from the Windows server on a Linux server running Apache.
Difference between .pfx and .crt file
Before starting with our conversion process, let me give you a quick description of the difference between the .pfx and .crt file. Basically, a certificate (.crt file) is a container for the public key. It includes the public key, the server name, some extra information about the server, and a signature computed by a certification authority (CA). During the SSL handshake, the server sends the client its certificate, which contains its public key, along with the other certificates in its chain.
On the other hand, a .pfx file is a PKCS#12 archive, resembling a bag which can contain a lot of objects with optional password protection. Normally, a PKCS#12 archive contains a certificate (possibly with its assorted set of CA certificates) and its corresponding private key.
Let's begin with our conversion process now.
Step 1: Transfer the pfx certificate from the Windows server to our Linux Server
First of all, I've exported my certificate to a .pfx file from the Windows server for my domain puebe.com. And I've copied that pfx file to my Linux server using SCP from my local system to the folder '/transfered_certificates/'. You can use FTP, SCP, wget or any similar method to transfer the pfx certificate to your Linux server.
# transfered_certificates]# ll
-rw-r--r-- 1 root root 5409 Oct 9 10:02 c667cafbf01ffd7310db952e50eaf2b2.pfx
Step 2: Convert the .pfx file using OpenSSL
Our next step is to extract the required certificate, key and CA bundle from this .pfx file for the domain puebe.com. We can use the openssl command to extract these from the pfx file. Let's see the commands to extract the required information from this pfx certificate.
Extracting the Certificate from the pfx file
We can use this command to extract the certificate details for the domain puebe.com from the pfx file.
This will provide us with our domain certificate file, namely puebe.com.crt, in a compatible format that Linux supports.
Extracting the Key file from the pfx file
We can use this command to extract the key details for the domain puebe.com from the pfx file.
This will provide us with our domain key file, namely puebe.com.key.
Extracting the Chain of certificates from the pfx file
We can use this command to extract the chain of certificate details from the pfx file.
This will provide us with our chain of certificates for our domain puebe.com in the file puebe.com-ca.crt.
I copied these extracted files to my cert folder under '/etc/pki/tls/certs/'. You can do this if required, but if not then you can directly specify the folder path in the Apache configuration to which you have extracted these files.
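The three extractions in Step 2, as an added example that is not the original article's code: the script builds a throwaway CA, leaf certificate and PFX (all subjects, file names and the password are constructed), splits the PFX with `openssl pkcs12` into `.crt`, `.key` and `-ca.crt` files, and checks that the extracted key belongs to the extracted certificate by comparing their public keys.

```shell
#!/bin/sh
# Added example; every name, subject and password here is constructed for the demo.
set -eu
umask 077                       # files written below, including the key, get mode 0600
PFX_PASS='demo-pass'            # constructed; do not hard-code a real export password

make_demo_pfx() {               # $1 = work dir: CA + leaf bundled as demo.pfx
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=Demo CA' \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj '/CN=demo.example' \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/leaf.pem" 2>/dev/null
    openssl pkcs12 -export -inkey "$1/leaf.key" -in "$1/leaf.pem" \
        -certfile "$1/ca.pem" -passout "pass:$PFX_PASS" -out "$1/demo.pfx"
}

split_pfx() {                   # $1 = .pfx file, $2 = output prefix
    # Domain (leaf) certificate only, no key material.
    openssl pkcs12 -in "$1" -passin "pass:$PFX_PASS" -clcerts -nokeys -out "$2.crt"
    # Private key only, written unencrypted (-nodes) so the web server can start unattended.
    openssl pkcs12 -in "$1" -passin "pass:$PFX_PASS" -nocerts -nodes -out "$2.key"
    # CA (chain) certificates only.
    openssl pkcs12 -in "$1" -passin "pass:$PFX_PASS" -cacerts -nokeys -out "$2-ca.crt"
}

pubkey_digest() {               # SHA-256 of the public key inside a *.key or certificate file
    case $1 in
        *.key) pub=$(openssl pkey -in "$1" -pubout) ;;
        *)     pub=$(openssl x509 -in "$1" -noout -pubkey) ;;
    esac || return 1
    printf '%s\n' "$pub" | openssl sha256 | awk '{print $NF}'
}

key_matches_cert() {            # $1 = key file, $2 = certificate file
    k=$(pubkey_digest "$1") && c=$(pubkey_digest "$2") && [ "$k" = "$c" ]
}

demo() {
    w=$(mktemp -d)
    make_demo_pfx "$w"
    split_pfx "$w/demo.pfx" "$w/site"
    if key_matches_cert "$w/site.key" "$w/site.crt"; then r=0; else r=1; fi
    ls -l "$w/site.crt" "$w/site.key" "$w/site-ca.crt"
    rm -rf "$w"
    return "$r"
}
demo
```

On a real export, leave out the `-passin` argument so that openssl prompts for the import password instead of exposing it on the command line.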
Step 3: Assigning the domain SSL certificate to Apache
After you have converted the .pfx file, you will need to copy the newly created files to the Apache server and edit your Apache configuration file to use them. I've created a Virtual host for my domain under the /etc/httpd/conf.d/ folder to enable SSL and included these extracted files as required. Please see my Virtual host details below:
You can modify the names of the files and paths to match your certificate files:
SSLCertificateFile should be your primary certificate file for your domain name.
SSLCertificateKeyFile should be the key file extracted.
SSLCertificateChainFile should be the intermediate certificate chain file.
Just make sure to run a configuration test and restart the Apache service once you're done with this.
Now you can confirm your domain SSL certificate using any of the SSL checker tools available. Or you can just browse the URL https://puebe.com/. I've verified my SSL installation in the link https://www.sslshopper.com/ssl-checker.html#hostname=puebe.com
This is how we can easily transfer certificates from a Windows server to a Linux Distro. I hope this article is informative and useful for you. Please post your valuable comments and suggestions on this.