API Documentation
Home > Knowledge Base > ADCaaS - Load Balancing, General, Web Application API Protection > Can I upload a PFX certificate file?

Can I upload a PFX certificate file?

What is a PFX Certificate file?

A PFX certificate file, also known as PKCS #12, is a combined file that contains the server certificate, intermediate certificate as well as the matching private key and is password protected. These files are typically used on Windows systems and if you already have a certificate and key on a windows server, you can export it from there (with the private key) for use on the Total Uptime platform.

How do I upload the PFX to Total Uptime?

We cannot directly support uploading this type of file into the Total Uptime platform, but that doesn’t mean it isn’t supported. Our system requires separate certificate and key files, and both are inside the PFX file. So you simply need to extract them using either OpenSSL or a Windows® utility.

Apache web servers on Linux usually require certificates and keys in this separated format, so if you have the cert and key accessible there instead of a Windows server, you’re already good to go. Simply upload those separate files in our panel.

Extracting from a PFX using OpenSSL

To extract separate certificate and key files using OpenSSL, you will either need access to a Linux machine with OpenSSL installed, or you can install it on your Windows machine too. We have a KB article that discusses in great detail how to extract the PFX from Windows and split it out using this method.

But for the savvy, here is the command to split out the pfx into a text file where you’ll easily see the certificate and key:

openssl pkcs12 -in my-cert-name.pfx -out outputfile.txt -nodes

This creates a file where you’ll clearly see see the private key and the server certificate. Copy those portions into separate key and cert text files since those two files are what you’ll need to upload to our panel.

And while you’re at it, you might as well run the key file through OpenSSL to ensure it is properly formatted.

openssl rsa -in yourdomain-key.pem -out your-repaired-key.pem

Extracting from a PFX using a Windows Utility

DigiCert® has a pretty nice Certificate Utility that you can use to extract the server cert and private key from the PFX file, if you’re not keen on using OpenSSL. They also have a pretty nice KB article that shows you exactly how to use the tool to extract the private key and server certificate, both of which you’ll then want to upload into the Total Uptime panel.

The utility should be downloaded and run (it requires no install) from the Windows server that has the certificate and key already installed. You’ll easily see the certificates and the export button in the utility as soon as it is run.

Still having issues?

We hope these methods help you. But if you get stuck, do not hesitate to reach out to our support team. We’re here to help.

SSL Automation and Management