Last active
November 2, 2015 14:08
source: http://melp.nl/2012/07/using-a-pfx-to-install-an-ssl-certificate/

Got a .pfx file and need to install an SSL certificate with this? Here’s how I did it. You’ll need to extract the signed public certificate (public key) and the private key without a passphrase.

    #!shell
    cd /etc/nginx/
    mkdir ssl
    cd ssl
    mv /path/to/pfx/file.pfx .
    chmod 400 file.pfx

First extract the public certificate. You might be asked for a password.

    #!shell
    openssl pkcs12 -in ./file.pfx -clcerts -nokeys -out public.crt

And extract the private key:

    #!shell
    openssl pkcs12 -in ./file.pfx -nocerts -nodes -out private.rsa

Now you can test the server on an arbitrary port, using openssl:

    #!shell
    openssl s_server -www -accept 443 -cert ./public.crt -key ./private.rsa

Make sure no one can read the files other than you:

    #!shell
    chmod 400 /etc/nginx/ssl/*

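The extraction steps above as one script, added here as an example (not part of the original post): it extracts under `umask 077` so the unencrypted key is owner-only from the moment it is created, and it confirms that the key matches the certificate before nginx is pointed at the files. The function names, the `PFX_PASS` environment variable used to supply the password, and the throwaway self-signed sample PFX are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes the PFX password is
# supplied in the PFX_PASS environment variable; function names are hypothetical.

# extract_pfx PFX OUTDIR: write OUTDIR/public.crt and OUTDIR/private.rsa.
extract_pfx() {
    (
        umask 077   # new files are owner-only from the moment they are created
        openssl pkcs12 -in "$1" -passin env:PFX_PASS -clcerts -nokeys \
            -out "$2/public.crt" &&
        openssl pkcs12 -in "$1" -passin env:PFX_PASS -nocerts -nodes \
            -out "$2/private.rsa" &&
        chmod 400 "$2/public.crt" "$2/private.rsa"
    )
}

# key_matches_cert CERT KEY: succeed only if both carry the same public key.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# make_sample_pfx DIR: constructed test input, a throwaway self-signed
# certificate for example.org bundled as DIR/file.pfx.
make_sample_pfx() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.org" \
        -keyout "$1/sample.key" -out "$1/sample.crt" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/sample.key" -in "$1/sample.crt" \
        -passout env:PFX_PASS -out "$1/file.pfx" 2>/dev/null
}

# demo: run the whole flow in a temp directory, including the mismatch case.
demo() {
    dir=$(mktemp -d) || return 1
    export PFX_PASS="constructed-sample-password"
    make_sample_pfx "$dir" && extract_pfx "$dir/file.pfx" "$dir" || return 1
    key_matches_cert "$dir/public.crt" "$dir/private.rsa" && echo "pair OK"
    openssl genrsa -out "$dir/other.key" 2048 2>/dev/null
    key_matches_cert "$dir/public.crt" "$dir/other.key" || echo "mismatch detected"
    rm -rf "$dir"
}

demo
```

For a real file, set `PFX_PASS` in the environment and call `extract_pfx ./file.pfx /etc/nginx/ssl` followed by `key_matches_cert` on the two outputs.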
With Nginx it is now easy to fire up the server. I used a proxy for this, because from an architecture perspective, this is the easiest:

    server {
        server_name example.org;
        listen 443 ssl;
        ssl_certificate /etc/nginx/ssl/public.crt;
        ssl_certificate_key /etc/nginx/ssl/private.rsa;
        location / {
            proxy_pass http://example.org/;
            proxy_set_header Host $host;
            proxy_set_header X-Ssl on;
        }
    }

I pass an additional X-Ssl header to the backend so they know we’re publicly serving through the SSL proxy (e.g. for building absolute URLs). Once you actually know how to do it, it is as easy as pie.

With thanks to Yadab Das and Berk D. Demir