I have a PFX that I want to convert to a CRT and Key or PEM and Key to install on an NGINX endpoint. When I import the pfx to my cert store on my windows machine it creates the certificate, the intermediate chain, and the root CA.
If I take that PFX and run the following openssl commands I and bind it to the endpoint, I don't get all the certificates in the chain:
openssl pkcs12 -in ./GoDaddy.pfx -clcerts -nokeys -out pcc.crt -nodes -nokeys
openssl pkcs12 -in ./GoDaddy.pfx -nocerts -nodes -out pcc.rsa -nodes -nokeys
Is there a switch or command I can run to convert the PFX to a crt / rsa or pem /key with all of the certificates up the chain to the root CA?
Best Answer
Since you want everything, you just need to reduce the number of restrictions you are asking for.
so:
If you read the documentation you will see what you are asking for: