Secure Socket Layer (SSL) is a form of encryption that uses Certificate Authorities to validate a safe connection between systems. At StackPath, you can upload your own SSL certificates to use custom URLs instead of the CDN URL provided to you. Sometimes, however, these certificates are provided in an encrypted form, that needs to be converted to a format you can upload.
This article will walk a user through the process of converting a .pfx file to a .crt and .key file so that the SSL certificate can be uploaded into the StackPath Portal.
.pfx file is a PKCS#12 archive: a file that can contain a lot of objects with optional password protection; but, usually, a PKCS#12 archive has a certificate (possibly with its assorted set of CA certificates) attached to it and the corresponding private key.
That's how .crt or .cer files differ from .pfx files - they contain a single certificate file, without any keys attached.
The StackPath portal requires that you upload the certificate and key in their separate corresponding fields and this is how you can extract them from your .pfx file.
Navigate to the terminal of your operating system and execute the following commands to extract the files:
openssl pkcs12 -in [yourfile.pfx] -clcerts -nokeys -out [certificate.crt]
openssl rsa -in [keyfile-encrypted.key] -out [keyfile-decrypted.key]
These two commands will generate two separate files which you can later use in your Stackpath SSL configuration.