Nginx Certificate Installation from PFX File

Written by James McDonald

June 28, 2019

# if your pfx file is
# split the name up so you can have a descriptive
# cert and key name

# create pem fromat certs from pfx fiiles
# and a decrypted key

openssl pkcs12 -in ${OUT}${PFX} -nocerts -out ${OUT}.key
# you will prompted for the pfx password... 

# create an unencrypted file so you can restart nginx without entering
# a passphrase each time
openssl rsa -in ${OUT}.key -out ${OUT}-decrypted.key

openssl pkcs12 -in ${OUT}${PFX} -clcerts -nokeys -out ${OUT}.cert

# you need to download the chain of certificates and combine them in the right order (your ssl cert, intermediate then root cert)

cat \
globalsignintermediate.crt \
globalsignr3root.crt >

mkdir /etc/nginx/ssl
chmod 700 /etc/nginx/ssl

cp /etc/nginx/ssl
cp /etc/nginx/ssl

# make sure only root can read or access the certs/keys
chmod 600 /etc/nginx/ssl/*

The ssl_certficate and ssl_certificate_key list the path to the certs and keys relative to your /etc/nginx/nginx.conf file

server {
    listen 443 ssl;
    ssl_certificate      ssl/;
    ssl_certificate_key  ssl/;
    # ... rest of config

It’s a good idea to do a syntax check before restarting the nginx server

$ nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
service restart nginx 
systemctl restart nginx


Submit a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

The reCAPTCHA verification period has expired. Please reload the page.

You May Also Like…

Ubuntu on Hyper-v

It boils town to installing linux-azure # as root or sudo apt-get update apt-get install linux-azure...