How to install an SSL Certificate using a .pfx file

Do you have .pfx file and trying to pull your hair to install certificate? Well, you are at the right place. You can easily setup SSL Certificate just using .pfx file. Here are the steps I used to install SSL Certificate successfully.

First of all, you need to create signed public certificate also known as public key and private key without passphrase. Let me show you how. Enter follow lines of command in your terminal once you logged in your server using SSH. I hope you know how to do that else let me know ?. Let’s not waste our time ?.

cd /etc/nginx/
mkdir ssl
cd ssl
wget www.your_website.com/location_to_pfx_folder/cert.pfx

wget helps to download file from url. Please note, you need to upload cert.pfx file in your own server so that you get a link. Let me know this as well if you are confused on how to upload stuff and get link.

Next step is to extract public certificate from .pfx file. And the command to do so is as follow. While doing so, you might ask to type password. If you don’t have password, ask a person who gave you .pfx file.

openssl pkcs12 -in cert.pfx -clcerts -nokeys -out public.crt

Now let’s extract private key. Type the same password entered for above command. Here is a command.

openssl pkcs12 -in cert.pfx -nocerts -nodes -out private.rsa

Let’s make sure that these 2 files are only readable. Use following command to make public.crt and private.rsa files readable.

chmod 400 /etc/nginx/ssl/*

Once public and private files are created, we need to locate these certificates in default file. Use nano command to edit default file. Don’t get confused with default file. It is just a file without any extension where we define configurational information.

 sudo nano /etc/nginx/sites-available/default

Now make sure you have these information in your default file.

server {
    listen 80;
    listen 443 ssl;
    ssl on;

    server_name yourDomain.com;
    root your_website_project_directory_path;
 
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";
 
    index index.html index.htm index.php;
 
    ssl_certificate /etc/nginx/ssl/public.crt;
    ssl_certificate_key /etc/nginx/ssl/private.rsa;

    # your other server configurations
}

Once you are done use following commands to save the changes

control+x
y
enter or return

To restart nginx server, use following command.

sudo /etc/init.d/nginx restart

That’s all. Now you must see https in your website. Congratulations. ? Well done. Let me know if you still have some issue. I will be happy to help you.

Thanks