How to Convert a PKCS#12/PFX Certificate for use on Apache Web Server

Print Friendly, PDF & Email

Transfer myCert.pfx to yout Linux WebServer

Export your private.key
openssl pkcs12 -in myCert.pfx -nocerts -out private.key
Enter Import Password:
MAC verified OK


remove password form key
openssl rsa -in private.key -out private-npw.key
Enter Import Password:
MAC verified OK

Check your key
cat private.key

Output example:
—–BEGIN RSA PRIVATE KEY—–
MjQxODIwNTFaMIG0MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDFAMD4GA1UECxQ3d3d3
LmVudHJ1c3QubmV0L0NQU18yMDQ4IGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxp
YWIuKTElMCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEG
A1UEAxMqRW50cnVzdC5uZXQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgKDIwNDgp
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArU1LqRKGsuqjIAcVFmQq
—–END RSA PRIVATE KEY—–


You can now use this as your private.key file on your Apache Server.

To get the corresponding Server Certificate, you run the following OpenSSL command:
openssl.exe pkcs12 -in myCert.pfx -clcerts -nokeys -out wildcard_Cert.cer

Enter Import Password:
MAC verified OK

No Extracting the Chain of certificates from the pfx file:
openssl pkcs12 -in myCert.pfx -out bundel_chain.crt -nodes -nokeys -cacerts
Enter Import Password:
MAC verified OK

Apache config:

SSLCertificateFile /etc/pki/tls/certs/wildcard_Cert.cer
SSLCertificateChainFile /etc/pki/tls/certs/bundel_chain.crt
SSLCertificateKeyFile /etc/pki/tls/private/private-npw.key