Depending on your network you may have to move your SSL/TLS server certificate and its private key from one system to another. This article covers how to move your SSL certificate, its private key, and its intermediate CA from Apache to pfx also known as a pkcs#12 file. This will require a conversion using OpenSSL that is on the Apache System.

Apache systems are very customizable. The directory location and naming of the individual files needed vary depending on your personalized system. Below are generalized instructions.

We will start by assuming that you have already successfully installed the SSL certificate on the Apache web server.

To move your certificate keypair from Apache to PFX perform the following:

Step 1: Finding your SSL Certificate, its Private key, and Intermediate CA file on Apache:

  1. Referencing the httpd.conf or ssl.conf  file on the Apache system look for the location and directories of the three files necessary on the Apache system that has the installed SSL certificate.
    • SSLCertificateFile /usr/local/ssl/crt/public.crt
      SSLCertificateFile tells Apache how to find the the SSL certificate file.
    • SSLCertificateKeyFile /usr/local/ssl/private/private.key
      SSLCertificateKeyFile tells Apache how to find the private key file.
    • SSLCertificateChainFile /usr/local/ssl/crt/intermediate.crt
      SSLCertificateChainFile or SSLCACertificateFile tells Apache the location of the Intermediate file.

      apache
  2. Once you have found the location of these files you can either move them to a single location somewhere in your drive or leave them in their current location and specify their locations in the command line when converting.
  3. Convert the Apache certificate your sever certiifcate, its private key and chain intermediate files into a single PFX/PKCS#12 by performing the following OpenSSL command – change the file paths as appropriate:
    openssl pkcs12 -export -in /path/to/ssl-cert.crt -inkey /path/to/private.key -certfile /path/to/intermediate-ca.crt -out cert-export.pfx
  4. The end result is that you will have a pfx file named cert-export.pfx

Congrats you have converted your SSL certificate from Apache to a pfx/pkcs#12.
Note: That pfx files are used heavily in Microsoft environments. If you are having difficulties converting a Server Certificate from Apache to pfx or are having trust issues after conversion of the Apache environment to .pfx, you may want to consider generating the certificate keypair in the natural environment used by pfx files. Use a Microsoft IIS system > Generate the keypair /Generate CSR > perform a reissue or get a certificate from your CA > perform installation of server certificate > export certificate as pfx file from that IIS system.


About SSLSupportDesk:

SSLSupportDesk is part of Acmetek who is a Symantec Website Security Solutions Authorized Distributor and a Platinum Partner. Acmetek offers all 4 Brands of SSL Certificates: Symantec, Thawte, GeoTrust and RapidSSL. Offering Norton Shopping Guarantee that inspires trust and increases online sales with a 20x ROI Guarantee.

Contact an SSL Specialist to buy your SSL Certificates from Acmetek, a Symantec Strategic/Platinum Distributor.

Become a Partner and create additional revenue stream while the heavy lifting for you.