Create a PFX certificate file using OpenSSL

I usually work with Linux-based operating systems for web development. However, my company does run a couple of Microsoft Windows(R) servers for internal financial systems. When securing connections to Windows services, it is often useful to have certificates available in PFX format.

To convert a private key, certificate, and (optionally) any trusted chains to PFX, you will need the following:

  • The private key file.
  • A PEM containing the corresponding certificate.
  • Additional trust chains to be included (may also be included in the PEM in bullet 2).
  • OpenSSL (I tested this with LibreSSL 2.2.7 on Mac OS X High Sierra).

Place all of the files in your home directory and start a terminal session. Execute the following command, replacing the file names where appropriate for the files you have prepared:

openssl pkcs12 -export -out trevweb.pfx -inkey trevweb.key -in trevweb.crt -certfile trust-chain.crt

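OpenSSL prompts for an export password, which protects the contents of the file and is needed again when the file is imported. Assuming everything executed correctly, you should now have a ‘trevweb.pfx’ file located in your home directory, ready to be imported easily by Windows services. A PFX file, or I think more accurately a PKCS #12 file, is a binary file format that may contain multiple certificates along with the private key, so it needs the same care as the key file itself.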
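
The export step above, wrapped with the checks worth running around it, as an added example that is not part of the original post: confirm the key matches the certificate before exporting, keep the password off the command line, and read the PFX back to confirm it holds the expected certificate. The function names and the PFX_PASS variable are hypothetical, and the private key is assumed to be an unencrypted PEM file.

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.
# Assumes an unencrypted PEM private key. The export password is taken from
# the PFX_PASS environment variable so it never appears on the command line.

# Print the PEM public key of a private key ("key") or certificate ("cert").
pubkey_of() {
    case "$1" in
        key)  openssl pkey -in "$2" -pubout ;;
        cert) openssl x509 -in "$2" -noout -pubkey ;;
    esac 2>/dev/null
}

# SHA-256 fingerprint of a PEM certificate file.
cert_fp() { openssl x509 -in "$1" -noout -fingerprint -sha256; }

# SHA-256 fingerprint of the end-entity certificate stored inside a PFX.
pfx_cert_fp() {
    openssl pkcs12 -in "$1" -passin env:PFX_PASS -nokeys -clcerts 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 2>/dev/null
}

# make_pfx KEY CERT OUT [CHAIN]
# Returns 2: no password, 3: key/cert mismatch, 4: export failed, 5: bad readback.
make_pfx() {
    key=$1; cert=$2; out=$3; chain=${4:-}
    [ -n "${PFX_PASS:-}" ] || { echo "PFX_PASS is not set" >&2; return 2; }
    export PFX_PASS
    kpub=$(pubkey_of key "$key") || kpub=
    cpub=$(pubkey_of cert "$cert") || cpub=
    if [ -z "$kpub" ] || [ "$kpub" != "$cpub" ]; then
        echo "private key does not match certificate" >&2; return 3
    fi
    set -- -export -out "$out" -inkey "$key" -in "$cert" -passout env:PFX_PASS
    if [ -n "$chain" ]; then set -- "$@" -certfile "$chain"; fi
    # umask 077 in a subshell: the PFX holds the private key, keep it owner-only.
    ( umask 077; openssl pkcs12 "$@" ) || return 4
    [ "$(pfx_cert_fp "$out")" = "$(cert_fp "$cert")" ] || return 5
}
```

With PFX_PASS set in the environment, `make_pfx trevweb.key trevweb.crt trevweb.pfx trust-chain.crt` produces the same file as the command above and returns non-zero if any check fails.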

SSLing All of My Things

I have been thinking about activating HTTPS/SSL on all my web things for a while now. I was procrastinating for two reasons: avoiding expenditure and not wanting to mess about with configurations.

Enter Let’s Encrypt and the emergence of widely available and free SSL/TLS certificates. I tend to use Apache on Ubuntu/Debian and often use Plesk for managing some small virtual private servers. Let’s Encrypt provides easy and simple means for a person like me to automatically install SSL certificates; there’s even a Plesk plugin.

My ISP, OVH, has even taken the trouble to support Let’s Encrypt as a sponsor and enable SSL hosting, free of charge, with all of their hosting packages. I think this is a great move.

So, with my reasons for procrastinating gone, it’s about time I get to work! I’ve started with this blog and I hope you’re viewing this post securely!