# Convert SSL PFX for NGINX Usage

NGINX doesn’t natively use a pfx key file (pfx is what Windows IIS needs). So, it must be converted to a private key, removing the public key from it.

Create the folder for storing SSL certificates:

```bash
cd /etc/nginx/
mkdir ssl
cd ssl
chmod 700 /etc/nginx/ssl
```

From the pfx file, recover the public certificate:

```bash
openssl pkcs12 -in cert.pfx -clcerts -nokeys -out public.crt
```

From the pfx file, recover the encrypted private key:

```bash
openssl pkcs12 -in cert.pfx -nocerts -nodes -out private.rsa
```

Now, decrypt the encrypted private key:

```bash
openssl rsa -in private.rsa -out private.key
```

Move the public certificate and private key to the ssl folder, created earlier.

Set permissions on the ssl folder and files, so only root can access the certs and keys:

```bash
chmod 600 -R /etc/nginx/ssl/*
```