Tuncay Sahin

ICT Engineer | Docent ICT & Trainer

If you have PFX certificate, you can convert this with OpenSSL to Apache compatible format.

PFX PFX defines a file format commonly used to store private with accompanying public key certificates, protected with a password-based symmetric key (standard-PKCS12).
PEM Openssl usages PEM (Privacy Enhanced Mail Certificate) to store the private key.


Follow the procedure below to extract separate certificate and private key files from the .pfx file. Openssl  commandline-tool is required

Extract the certificate (the signed public key)

openssl pkcs12 -in domain.pfx -clcerts -nokeys -out cert.pem

Extract the private key

openssl pkcs12 -in domain.pfx -nocerts -nodes  -out key.pem

Decrypts the key for use with Apache by removing the passphrase from the private key

openssl rsa -in key.pem -out server.key

Extract the CA Certificate

openssl pkcs12 -in domain.pfx -out domain-ca.pem -nodes -nokeys –cacerts

Convert PFX to PEM

openssl pkcs12 -in certificate.pfx -out certificate.cer -nodes

Convert PEM to PFX

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt

Creating .pfx file from certificate and private key

openssl pkcs12 -export -out your.domain.com.pfx -inkey private.key -in certificate.crt -certfile CACert.crt

Enable SSL

Now add the following directives to your SSL configuration to enable SSL on your site:

LoadModule ssl_module modules/mod_ssl.so

Listen 443

<VirtualHost *:443>


SSLEngine on

SSLCertificateFile /path/to/cert.pem

SSLCertificateKeyFile /path/to/server.key

SSLCACertificateFile /path/to/domain-ca.pem






Meer informatie

Voor meer informatie of voor een persoonlijk adviesgesprek kunt u altijd vrijblijvend contact met mij opnemen.