Depending on your network you may have to move your SSL/TLS server certificate and its private key from one system to another. This article covers how to move your SSL certificate, its private key, and its intermediate CA from Apache to pfx also known as a pkcs#12 file. This will require a conversion using OpenSSL that is on the Apache System.

Apache systems are very customizable. The directory location and naming of the individual files needed vary depending on your personalized system. Below are generalized instructions.

We will start by assuming that you have already successfully installed the SSL certificate on the Apache web server.

To move your certificate keypair from Apache to PFX perform the following:

Step 1: Finding your SSL Certificate, its Private key, and Intermediate CA file on Apache:

  1. Referencing the httpd.conf or ssl.conf  file on the Apache system look for the location and directories of the three files necessary on the Apache system that has the installed SSL certificate.
    • SSLCertificateFile /usr/local/ssl/crt/public.crt
      SSLCertificateFile tells Apache how to find the the SSL certificate file.
    • SSLCertificateKeyFile /usr/local/ssl/private/private.key
      SSLCertificateKeyFile tells Apache how to find the private key file.
    • SSLCertificateChainFile /usr/local/ssl/crt/intermediate.crt
      SSLCertificateChainFile or SSLCACertificateFile tells Apache the location of the Intermediate file.

  2. Once you have found the location of these files you can either move them to a single location somewhere in your drive or leave them in their current location and specify their locations in the command line when converting.
  3. Convert the Apache certificate your sever certiifcate, its private key and chain intermediate files into a single PFX/PKCS#12 by performing the following OpenSSL command – change the file paths as appropriate if needed:
    Note: In this example public.crt would be your SSL Server Certficiate, private.key would be your Private Key, intermediate.crt would be the intermediate ca chain file, and certificate.pfx would be your new converted pkcs12 ssl certificate file.

    openssl pkcs12 -export -in /path/to/public.crt -inkey /path/to/private.key -certfile /path/to/intermediate.crt -out certificate.pfx

    Another Example:

    opessl pkcs12 -export -out certificate.pfx -inkey private.key -in public.crt -certfile intermediate.crt
  4. The end result is that you will have a pfx file named certificate.pfx

Congrats you have converted your SSL certificate from Apache to a pfx/pkcs#12.

Note: That pfx files are used heavily in Microsoft environments. If you are having difficulties converting a Server Certificate from Apache to pfx or are having trust issues after conversion of the Apache environment to .pfx, you may want to consider generating the certificate keypair in the natural environment used by pfx files. Use a Microsoft IIS system > Generate the keypair /Generate CSR > perform a reissue or get a certificate from your CA > perform installation of server certificate > export certificate as pfx file from that IIS system.

LoadingAdd to favorites

About SSLSupportDesk:

SSLSupportDesk is part of Acmetek who is a trusted advisor of security solutions and services. They provide comprehensive security solutions that include Encryption & Authentication (SSL), Endpoint Protection, Multi-factor Authentication, PKI/Digital Signing Certificates, DDOS, WAF and Malware Removal. If you are looking for security look no further. Acmetek has it all covered!

Contact an SSL Specialist to get a consultation on the Website Security Solutions that can fit your needs.

Become a Partner and create additional revenue stream while the heavy lifting for you.