1 min read
Apache vHost with SSL Certicate converted from .pfx Export file
January 27, 2014
This is an simple example for an Apache vHost SSL vHost configuration:
<VirtualHost 192.168.0.1:443> DocumentRoot /var/www/ SSLEngine on SSLCertificateFile /path/to/certificate.crt SSLCertificateKeyFile /path/to/keyfile.key </VirtualHost>
When buying a certificate from you CA (Certification Authority) e.g. a wildcard certificate for *.domain.com, you have to convert this file to different formats in order to use them with you Apache installation.
To convert these files use OpenSSL.
First file you’ll need is the public certificate.
openssl pkcs12 -in [yourfile.pfx] -clcerts -nokeys -out [certificate.crt]
Now you can chose between the encrypted and decrypted key file.
If chosing the encrypted key file, Apache will prompt every time starting or starting the web service for the certificate pass-phrase.
openssl pkcs12 -in [yourfile.pfx] -nocerts -out [keyfile-encrypted.key]
Otherwise Apache won’t prompt for an pass-pharase, but be aware, if you’re losing this decrypted key file you certificate will be worthless.
openssl rsa -in [keyfile-encrypted.key] -out [keyfile-decrypted.key]