Convert SSL PFX for NGINX Usage

NGINX doesn’t natively use a pfx key file (pfx is what Windows IIS needs). So, it must be converted to a private key, removing the public key from it. 

 Create the folder for storing SSL certificates: 

 cd /etc/nginx/

mkdir ssl

cd ssl

chmod 700 /etc/nginx/ssl 

 From the pfx file, recover the public certificate: 

 openssl pkcs12 -in cert.pfx -clcerts -nokeys -out public.crt 

 From the pfx file, recover the encrypted private key: 

 openssl pkcs12 -in cert.pfx -nocerts -nodes -out private.rsa 

 Now, decrypt the encrypted private key: 

 openssl rsa -in private.rsa -out private.key 

 Move the public certificate and private key to the ssl folder, created earlier. 

 Set permissions on the ssl folder and files, so only root can access the certs and keys: 

 chmod 600 -R /etc/nginx/ssl/*