VSys One: Volunteer Management Software

Previous Topic

Next Topic

Book Contents

Book Index

Extracting SSL Certificates from a PFX file

Your SSL certificate vendor may provide you with a .pfx instead of the more common - and required by VSys Live - .key and .crt files. If they do this the most simple fix is to ask them for the files in a format compatible with OpenSSL, which is what VSys Live uses. If that's not possible, below are the instructions for extracting the necessary certificate files from that .pfx file.

In order to extract the combined certificate file into a site certificate and private key, the .pfx file needs to be opened up in OpenSSL and extracted back out to a normal text file. From that text file we can create the individual .crt and .key files. This will need to be done on either the VSys Live server or any other Windows PC environment where OpenSSL is installed. This process presupposes that the VSys Live installer has been run at least once; its installation also installs OpenSSL.

  1. Open a Windows command prompt, running it as Administrator.
  2. Configure OpenSSL to use the openssl.cnf file already created by VSys Live. That file will be located in x:\VSysLive\Apache\conf\openssl.cnf, where "X" is the drive on which VSys Live was installed.
    set OPENSSL_CONF=”X:\VSysLive\Apache\conf\openssl.cnf"
    Unless something went wrong, you won't get any response.
  3. Switch to the directory where OpenSSL is installed, again replacing "X" with the drive on which VSys Live is installed
    cd \VSysLive\Apache\bin
  4. Start OpenSSL:
    openssl
  5. Extract the text files, entering in the appropriate location for the .pfx file you're working with:
    pkcs12 -in "c:\certs\test.com.pfx" -out "c:\certs\certificate.txt" -nodes
  6. Hit Enter when prompted for an import password (if a password was associated with the .pfx file, this process will likely not work.)
  7. Open the created file in Notepad, in this case c:\certs\certificate.txt.
  8. In that file, the very first section between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- is the site's SSL certificate.

    Copy/paste that text - including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- sections - into a new Notepad document.
  9. Save that document as, for example, c:\certs\test.crt (the .crt extension is important!)
  10. In the original certs.txt file, look for -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY-----.

    Copy/paste that text, including the -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY-----, into a new Notepad document. Save that as, for example, c:\certs\certs.key (the .key extension is important).
  11. Now you can load the .crt and .key files created here into the VSys Live installation settings.

If any intermediate certificate files are required by your SSL certificate vendor, you may or may not find them in this .pfx file. Instead, get them directly from your certificate provider directly.

See Also

SSL Certificates

Generating a Certificate Signing Request (CSR)

Hand-updating SSL Certificates