Entrust Certificate Services Support Knowledge Base
Last Modified: 2016-07-05 09:17:45.0
How do I convert a .pfx to be used with an Apache server?
Article Number: 46372
Question: How do I convert my .pfx file to be used with an Apache server?
The Apache server will require the following two files:
1 – Server.key : the private key associated with the certificate
2 – Server.crt : the public SSL certificate issued by Entrust
Using Open SSL, you can extract the certificate and private key.
To extract the private key from a .pfx file, run the following OpenSSL command:
openssl.exe pkcs12 -in myCert.pfx -nocerts -out privateKey.pem
The private key that you have extract will be encrypted. To unencrypt the file so that it can be used, you want to run the following command:
openssl.exe rsa -in privateKey.pem -out private.pem
The resulting private.pem file should be the key file that you want. Open it up using notepad to make sure there is not additional information showing up as text in the file. There may be some additional lines displaying the DN and Bag Attributes. Remove all of this from the file so that you end up with something like this:
—–BEGIN RSA PRIVATE KEY—–
—–END RSA PRIVATE KEY—–
You can now use this as your Server.key file on your Apache Server.
To get the corresponding Server Certificate, you will run the following OpenSSL command:
openssl.exe pkcs12 -in myCert.pfx -clcerts -nokeys -out EntrustCert.pem
You can now use the resulting file as your Server.crt file in Apache.