[Tutorial] How to convert a .pfx file for use with Apache

Since Facebook is going to require a secure canvas (and secure tab) URL starting October 1, 2011, SSL certificates are quickly becoming the new kids on the block. That is, if you want your Facebook applications and tabs to make it past October 1.

I ordered a wildcard SSL certificate for my domain and, for some reason, I got it in the form of a password-protected .pfx file. Great if you want to install it on an IIS server (which I did want and it took me 5 minutes), not so good if you want to install it on an Apache server (which I also did want and it took almost 2 days, mainly because I knew nothing about Apache and SSL).

To work with Apache, you need to extract 3 files from the .pfx: the private key, the domain certificate and the CA certificate. You can do this using OpenSSL on your server or on a Windows machine. I downloaded the Windows binaries.

First, you need to extract the private key. Use the following command. It will prompt you for the .pfx password, which you must already have, and it will prompt you for a PEM password, which you must input. Since I was going to remove the PEM password anyway, I used 1234 for the password (it needs to be at least 4 characters long).

openssl pkcs12 -in yourdomain.pfx -nocerts -out yourdomain.key.pem

Next, issue the following command to remove the PEM password and obtain the RSA private key.

openssl rsa -in yourdomain.key.pem -out yourdomain.key

You can extract the domain certificate by using the following command.

openssl pkcs12 -in yourdomain.pfx -clcerts -nokeys -out yourdomain.crt

Next, you will need the CA certificate, also known as ca-bundle. Get it by using the following command.

openssl pkcs12 -in yourdomain.pfx -cacerts -nokeys -out yourdomain.ca.crt

Now, you have 3 files: yourdomain.key, yourdomain.crt and yourdomain.ca.crt. These are all the files you need to install the SSL certificate on an Apache web server.
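
The whole procedure as one script, as an added example that is not part of the original tutorial: it passes the passwords through environment variables, keeps the unencrypted key readable by its owner only, deletes the intermediate yourdomain.key.pem, and checks that yourdomain.key really belongs to yourdomain.crt. The self-signed sample .pfx, the PFX_PASS and PEM_PASS variable names and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example: the tutorial's four commands as one script, plus a key/cert
# match check. Passwords are read from environment variables (env:) so they
# do not appear on the command line.

# Build a throwaway, self-signed .pfx (constructed test input, not a real cert).
make_sample_pfx() {   # $1 = directory; password in $PFX_PASS
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=yourdomain.example" \
        -keyout "$1/src.key" -out "$1/src.crt" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/src.key" -in "$1/src.crt" \
        -passout env:PFX_PASS -out "$1/yourdomain.pfx" 2>/dev/null
}

# Extract yourdomain.key, yourdomain.crt and yourdomain.ca.crt from $1/yourdomain.pfx.
extract_pfx() {       # $1 = directory; password in $PFX_PASS
    (
        cd "$1" || exit 1
        umask 077     # the unencrypted key must be readable by its owner only
        PEM_PASS=$(openssl rand -hex 16); export PEM_PASS   # temporary PEM password
        if openssl pkcs12 -in yourdomain.pfx -nocerts -passin env:PFX_PASS \
               -passout env:PEM_PASS -out yourdomain.key.pem 2>/dev/null &&
           openssl rsa -in yourdomain.key.pem -passin env:PEM_PASS \
               -out yourdomain.key 2>/dev/null &&
           openssl pkcs12 -in yourdomain.pfx -clcerts -nokeys \
               -passin env:PFX_PASS -out yourdomain.crt 2>/dev/null &&
           openssl pkcs12 -in yourdomain.pfx -cacerts -nokeys \
               -passin env:PFX_PASS -out yourdomain.ca.crt 2>/dev/null
        then rc=0; else rc=1; fi
        rm -f yourdomain.key.pem   # intermediate file is no longer needed
        exit "$rc"
    )
}

# Succeeds only when the key and the certificate carry the same public key.
key_matches_cert() {  # $1 = private key file, $2 = certificate file
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Demo on the constructed sample.
work=$(mktemp -d)
PFX_PASS="constructed-sample-password"; export PFX_PASS
make_sample_pfx "$work" && extract_pfx "$work" &&
    key_matches_cert "$work/yourdomain.key" "$work/yourdomain.crt" &&
    echo "yourdomain.key matches yourdomain.crt"
rm -rf "$work"
```

With a real certificate, skip make_sample_pfx, export PFX_PASS with the password you were given, and run extract_pfx on the directory holding yourdomain.pfx.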
