Convert .p12 and install in apache server

If you have a pkcs12 file (from IIS for example) and if you need to install the certificate on an Openssl-compatible product such as Apache, you will have to extract the content of the pkcs12 to get several files.

First of all, create a global file (package):

openssl pkcs12 -in yourpkcs12.pfx -out package.pem -nodes

Then duplicate that package file to get 3 different files:

cp package.pem mykey.key
cp package.pem mycert.cer
cp package.pem mychain.txt

Edit each of those files via a test editor. Warning: You need to use a text editor that can interpret OpenSSL-style end-of-lines (under Windows, use an editor compatible with UNIX):

in mykey.key only keep the "PRIVATE KEY" bloc
in mycert.cer only keep the "BEGIN CERTIFICATE" bloc, corresponding to your server certificate (you know it by reading the comment that appears just above)
in mychain.txt only the "BEGIN CERTIFICATE" bloc(s) other than your server certificate (you know it by reading the comment that appears just above)

Those 3 files are usable (even if you might need to convert them into a format compatible with your SSL server)!

Warning: If you create your pfx on Microsoft, do not activate the "enhanced security"!

Share

Leave a Reply