1

Extract Private Key and Chain Files from PFX Certificate for Nginx HTTPS

When using Nginx as a load balancer or a reverse proxy to serve on HTTPS protocol, Nginx expects the SSL certificate to be configured as a private key and chain files.

Please refer to the following commands to extract the key and chain from the certificate:

Create an encrypted key file:

openssl pkcs12 -in certificate.pfx -nocerts -out privkey.key

Extract the server certificate:
 

openssl pkcs12 -in certificate.pfx -clcerts -nokeys -out cert.crt

Extract the CA chain:
 

openssl pkcs12 -in certificate.pfx -cacerts -nokeys -out chain.crt

Create a full chain file:
 

cat cert.crt chain.crt > fullchain.crt

Reply

null
Login to reply

Content aside

  • 1 Likes
  • yesterdayLast active
  • 25Views
  • 1 Following
Related Articles
How to Use Nginx to Act as a Load Balancer
Extract Private Key and Chain Files from PFX Certificate for Nginx HTTPS
How to configure Nginx to act as a reverse proxy to support SSL
Log4J Remedies
Log4J Security Vulnerability & Pyramid
Issue when running a model that has JSON nodes that connect to HTTPS data source
How to update the Pyramid repository credentials.
Example of how to use the new Embed framework in Pyramid 2020.11 onwards
How to get Console logs and HAR logs from the Chrome browser DevTools
No proxy account was set for user (2020.10)
Security Notice: Linux Installations 2020.00-2020.05
Using Keystore Management Tool To Configure LDAPS or Content Migration Wizard in SSL Environments
Can't log in to pyramid?
Firewall Settings for Pyramid
Example of how to authenticate and embed Pyramid content.
How to change the default internal Pyramid website port
How to create a Pyramid website in IIS after an install.
Browser Settings for Windows Authentication
Cannot access Pyramid using IIS
How to enable SSL on Pyramid website and forward all HTTP request to HTTPS