Openssl Generate Crt And Key From Pfx


When multiple servers need to use the same SSL certificate, such as in a load-balancer environment or with a wildcard SSL certificate, you will need to transfer the certificate between the servers. Normally, a server-to-server SSL transfer is easy when both servers are of the same kind, such as two Linux servers or two Windows servers.

The process becomes a bit harder when moving from a Windows server to a Linux server. In this case, we need to export the SSL certificate from the Windows server and store it in a .pfx file. After that, we copy this .pfx (PKCS#12) file to the Linux server and convert it to Apache-compatible files: an individual certificate, a CA bundle and a private key.

This may also be necessary when you switch hosting companies. I will explain the exact process with step-by-step instructions in this article on how you can successfully use a .pfx certificate from the Windows server on a Linux server running Apache.

Difference between .pfx and .crt file

Before starting the conversion process, let me give you a quick description of the difference between a .pfx and a .crt file. Basically, a certificate (.crt file) is a container for the public key. It includes the public key, the server name, some extra information about the server, and a signature computed by a certification authority (CA). During the SSL handshake, the server sends the client its certificate, which contains its public key, along with a chain of other certificates.

On the other hand, a .pfx file is a PKCS#12 archive, resembling a bag, which can contain many objects with optional password protection. Normally, a PKCS#12 archive contains a certificate (possibly with its associated set of CA certificates) and its corresponding private key.

Let's begin with our conversion process now.

Step 1: Transfer the pfx certificate from the Windows server to our Linux Server

First of all, I've exported the certificate for my domain puebe.com from the Windows server to a .pfx file. I then copied that .pfx file to my Linux server using SCP from my local system, into the folder '/transfered_certificates/'. You can use FTP, SCP, wget or any similar method to transfer the .pfx file to your Linux server.

# transfered_certificates]# ll
-rw-r--r-- 1 root root 5409 Oct 9 10:02 c667cafbf01ffd7310db952e50eaf2b2.pfx

Step 2: Convert the .pfx file using OpenSSL

Our next step is to extract the required certificate, key and CA bundle from this .pfx file for the domain puebe.com. We can use OpenSSL commands to extract each of these from the .pfx file.

  • Extracting the Certificate from the pfx file

We can use this command to extract the certificate details for the domain puebe.com from the pfx file.

This will provide us with our domain certificate file, namely puebe.com.crt, in a format that is supported on Linux.

  • Extracting the Key file from the pfx file

We can use this command to extract the key details for the domain puebe.com from the pfx file.

This will provide us with our domain key file, namely puebe.com.key.

  • Extracting the Chain of certificates from the pfx file

We can use this command to extract the chain of certificate details from the pfx file.

This will provide us with our chain of certificates for our domain puebe.com in the file puebe.com-ca.crt.
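
The three extractions above, gathered into one script as an added example (this is not the article's own code). The function names `extract_pfx` and `key_matches_cert` and the `PFX_PASS` environment variable are assumptions made for this sketch; the output names follow the article's puebe.com.crt, puebe.com.key and puebe.com-ca.crt pattern.

```shell
#!/usr/bin/env bash
# Added example, not from the original article. extract_pfx, key_matches_cert
# and the PFX_PASS variable are names assumed for this sketch.

# extract_pfx <file.pfx> <out_dir> <name>
# Writes <name>.crt, <name>.key and <name>-ca.crt into <out_dir>.
# The import password is read from $PFX_PASS so it never appears in argv.
extract_pfx() {
    local pfx="$1" out="$2" name="$3"
    mkdir -p "$out" || return 1

    # Leaf (server) certificate only: -clcerts skips CA certs, -nokeys skips the key.
    openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -clcerts -nokeys \
        -out "$out/$name.crt" || return 1

    # Private key. -nodes leaves it unencrypted so Apache can start unattended,
    # so the file is created under umask 077 (owner read/write only).
    ( umask 077
      openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nocerts -nodes \
          -out "$out/$name.key" ) || return 1

    # Intermediate/CA certificates; the file may be empty if the bundle has none.
    openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -cacerts -nokeys \
        -out "$out/$name-ca.crt" || return 1
}

# key_matches_cert <cert.pem> <key.pem>
# Succeeds only when the certificate and the private key share a public key.
key_matches_cert() {
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}
```

Run `key_matches_cert` on the extracted pair before pointing Apache at the files. On OpenSSL 3.x, a .pfx exported with older algorithms may additionally need the `-legacy` option on each `openssl pkcs12` call.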

I copied these extracted files to my cert folder under '/etc/pki/tls/certs/'. You can do this if required, but if not then you can directly specify the folder path in the Apache configuration to which you have extracted these files.

Step 3: Assigning the domain SSL certificate to Apache

After you have converted the .pfx file, you will need to copy the newly created files to the Apache server and edit your Apache configuration file to use them. I've created a Virtual host for my domain under the /etc/httpd/conf.d/ folder to enable SSL and included these extracted files as required. Please see my Virtual host details below:

You can modify the names of the files and paths to match your certificate files:
SSLCertificateFile should be your primary certificate file for your domain name.
SSLCertificateKeyFile should be the key file extracted.
SSLCertificateChainFile should be the intermediate certificate chain file.

Just make sure to run a configuration test and restart the Apache service once you're done with this.

Now you can confirm your domain SSL certificate using any of the SSL checker tools available. Or you can just browse the URL https://puebe.com/. I've verified my SSL installation at the link https://www.sslshopper.com/ssl-checker.html#hostname=puebe.com

This is how we can easily transfer certificates from a Windows server to a Linux Distro. I hope this article is informative and useful for you. Please post your valuable comments and suggestions on this.