Create Certificate Files for Apache on Linux

★☆★☆ Prerequisite: Certificate file in .pfx format ★☆★☆

Instructions

• SSH to the ServerTake the file you exported (e.g. THISISIT.pfx) and copy it to a system where you have OpenSSL installed.
• Note the *.pfx file is in PKCS#12 format and includes both the certificate and the private key.
• Run the following command to export the private key

openssl pkcs12 -in THISISIT.pfx -nocerts -out star2022.key -nodes

• Run the following command to export the certificate

openssl pkcs12 -in THISISIT.pfx -nokeys -out star2022.pem

• Run the following command to remove the passphrase from the private key

openssl rsa -in star2022.key -out star2022r.key

• Locate and edit the appropriate Apache configuration file. (e.g. vi /etc/apache2/sites-enabled/default-ssl.conf)
• Find the lines in the config file similar to the first two here and remark them out.
• Then add the new lines as listed below.

#SSLCertificateFile /etc/pki/tls/certs/star2021.pem
#SSLCertificateKeyFile /etc/pki/tls/private/star2021.key
SSLCertificateFile /etc/pki/tls/certs/star2022.pem
SSLCertificateKeyFile /etc/pki/tls/private/star2022.key

• Copy the newly created files to the appropriate locations based on the config file.
• Restart Apache (e.g. /etc/init.d/httpd restart OR service apache2 restart)