NGINX: import a PFX SSL certificate

Recently I had to update the SSL certificates for one of my customers. Since I only received a PFX file (exported from IIS) I had to find a way of using that with NGINX.

NGINX: import a PFX SSL certificate
Photo by Stephen Phillips - / Unsplash

This is the easiest way I found of doing that. Note that after the first 2 steps you’ll have to provide the PFX password.

Step 1: Extract CRT file using openssl

openssl pkcs12 -in your-file-name.pfx -clcerts -nokeys -out

Step 2: Extract the private key

openssl pkcs12 -in your-file-name.pfx -nocerts -nodes -out

Since this certificate was issued by GoDaddy I also had to get the Intermediate Certificate and chain both certificates. You can download your Intermediat Certificate from GoDaddy Repository

Step 3: Chaining certificates

cat gdig2.crt.pem >

Step 4: Installing the certificate in NGINX

In your NGINX config file or snippets/snakeoil.conf (depending on many variables) you’ll have to add the following lines:

ssl_certificate /path/to/
ssl_certificate_key /path/to/

That’s it. Restart your NGINX instance and you should be ok.

Mastodon Romania