NGINX: import a PFX SSL certificate
Recently I had to update the SSL certificates for one of my customers. Since I only received a PFX file (exported from IIS) I had to find a way of using that with NGINX.
This is the easiest way I found of doing that. Note that after the first 2 steps you’ll have to provide the PFX password.
Step 1: Extract CRT file using openssl
openssl pkcs12 -in your-file-name.pfx -clcerts -nokeys -out domain.name.crtStep 2: Extract the private key
openssl pkcs12 -in your-file-name.pfx -nocerts -nodes -out domain.name.rsa
Since this certificate was issued by GoDaddy I also had to get the Intermediate Certificate and chain both certificates. You can download your Intermediat Certificate from GoDaddy Repository
Step 3: Chaining certificates
cat domain.name.crt gdig2.crt.pem > domain.name.chained.crtStep 4: Installing the certificate in NGINX
In your NGINX config file or snippets/snakeoil.conf (depending on many variables) you’ll have to add the following lines:
ssl_certificate /path/to/domain.name.chained.crt
ssl_certificate_key /path/to/domain.name.rsaThat’s it. Restart your NGINX instance and you should be ok.