I had to install a certificate that came to me in pfx format. In order to use it with apache I had to convert it in a more manageable format.
With OpenSSL you can convert pfx to Apache compatible format easily with a few commands:
1 2 3 4 | openssl pkcs12 -in example.com.pfx -clcerts -nokeys -out example.com.crt openssl pkcs12 -in example.com.pfx -nocerts -nodes -out example.com-encrypted.key openssl rsa -in example.com-encrypted.key -out example.com.key openssl pkcs12 -in example.com.pfx -nodes -nokeys -cacerts -out example.com.ca |
The first command extracts public key to example.com.crt, the second and third commands extracts the private key to example.com.key and the last one generates the Certificate Authority (CA) certificate example.com.ca file (if it cames out empty don’t include it in the virtual host definition). Move all files to the apropriate locations for your distro and add them to the virtual host:
1 2 3 4 5 6 7 8 | <VirtualHost 192.168.1.1:443> ... SSLEngine on SSLCertificateFile /path/to/example.com.crt SSLCertificateKeyFile /path/to/example.com.key SSLCACertificateFile /path/to/example.com.ca ... </VirtualHost> |
apachectl configtest and apachectl graceful restart and you are on your way!