Nginx .pfx SSL Private Key

I was just given an .pfx private key, and to my knowledge Nginx does not support this key format. So let's convert it to an .rsa file format. If you are on linux, this is super easy using the command line openssl program. If you are on Windows, I have no idea how to do that. But you could probably upload the .pfx file to the *nix server that is running your Nginx instance, and convert the file there. So let's get started.

How to Use a .pfx File in Nginx.

First copy get the file to your linux machine, and open up a terminal (or SSH into it).

After looking into this, it seems the .pfx file contains the public cert and private key.

# Extract the Public Cert
$ openssl pkcs12 -in ./file.pfx -clcerts -nokeys -out public.crt

# Extract the Private Key
openssl pkcs12 -in ./file.pfx -nocerts -nodes -out private.rsa

Now the rest should be as usual, per the Nginx Documentation.


I would recommend moving these files to /etc/nginx/ssl and chmod 400 both of them. Possibly setting the owner to www-data also. Using sudo chown www-data:www-data /file/name/here

Nginx SSL Configuration (from.pfx)

Go to your Config file for the domain you want to use the SSL Cert on, and add the required configurations, similar to below.

server {

    listen 443 ssl;
    ssl_certificate /etc/nginx/ssl/public.crt;
    ssl_certificate_key /etc/nginx/ssl/private.rsa;

    location / {
        # ... Your usual configurations here ...

If this helped you out, I am glad to have helped. If not, there are plenty of other articles online about this.