PKCS#12 archives (commonly known as
.pfx files) usually contain both a certificate and its private key, sometimes with password protection. In order to use these with a server like nginx or Apache, we need to extract these objects and convert them using openssl.
(The commands below assume your file is named
Extracting the private key
openssl pkcs12 -in certificate.pfx -out private.key -nocerts -nodes
Extracting the PEM certificate
openssl pkcs12 -in certificate.pfx -out cert.pem -clcerts -nokeys
Extracting intermediate certificates
openssl pkcs12 -in certificate.pfx -out ca.pem -clcerts -nokeys
Alternatively, you could use a tool like https://whatsmychaincert.com to generate this based on your public certificate.