Converting a PFX file for use with Apache

May 25, 2018 in SSL Technical FAQs

You may be required to install the same certificate on multiple servers. For example, a wildcard certificate can be used to secure multiple servers at the subdomain level. In such cases, you can export the certificate from one server to another in PKCS#12 format. You can install the PKCS#12 file directly on Windows-based servers, but you need to convert it to PEM format for use with Linux-based servers such as Apache and NGINX. This article will help you convert the PKCS#12 (PFX/P12) file into Base64-encoded X.509 (PEM) format.

Extracting the Server Certificate from PKCS#12

$ openssl pkcs12 -in filename.pfx -clcerts -nokeys | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > yourDomain.crt

Extracting the Private Key from PKCS#12

$ openssl pkcs12 -in filename.pfx -nocerts -nodes | sed -ne '/-BEGIN PRIVATE KEY-/,/-END PRIVATE KEY-/p' > server.key

Extracting the CA Certificate Chain / Bundle from PKCS#12

$ openssl pkcs12 -in filename.pfx -cacerts -nokeys -chain | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > CABundle.crt

You can now use 'yourDomain.crt', 'server.key' and 'CABundle.crt' to configure SSL on Linux-based servers.
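
An added example, not part of the original article: the certificate and key extraction above wrapped in a shell function that creates server.key readable by its owner only (the -nodes option writes it without a passphrase), followed by a check that the extracted certificate and key actually belong together before the web server is pointed at them. The function names and the PFX_PASS environment variable are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original article). File names follow the article;
# the function names and the PFX_PASS variable are assumptions of this example.

# pfx_extract PFX OUTDIR
# Reads the import password from the exported $PFX_PASS so it never shows up
# in the process list.
pfx_extract() {
    (
        # -nodes writes the key without a passphrase, so newly created files
        # must be owner-only. umask does not tighten files that already exist.
        umask 077
        openssl pkcs12 -in "$1" -passin env:PFX_PASS -clcerts -nokeys |
            sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > "$2/yourDomain.crt"
        openssl pkcs12 -in "$1" -passin env:PFX_PASS -nocerts -nodes |
            sed -ne '/-BEGIN PRIVATE KEY-/,/-END PRIVATE KEY-/p' > "$2/server.key"
    )
}

# pem_pair_matches CERT KEY
# 0 = certificate and key share one public key, 1 = mismatch,
# 2 = a file is empty or unparsable (wrong password, or sed matched nothing).
pem_pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# key_is_owner_only FILE
# True when group and other have no permission bits on FILE.
key_is_owner_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}
```

Export PFX_PASS, call pfx_extract filename.pfx with an output directory, then deploy the files only if both checks return 0.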