{"id":52,"date":"2020-04-04T19:00:00","date_gmt":"2020-04-04T19:00:00","guid":{"rendered":"https:\/\/www.mainmind.com\/blog\/?p=52"},"modified":"2025-04-14T10:08:08","modified_gmt":"2025-04-14T10:08:08","slug":"convertir-certificado-pfx-a-crt","status":"publish","type":"post","link":"https:\/\/www.mainmind.com\/blog\/convertir-certificado-pfx-a-crt\/","title":{"rendered":"Convertir certificado PFX a CRT"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">Si disponemos de un certificado en entornos Windows y queremos utilizar un certificado en otro tipo de dispositivos, por ejemplo un wilcard (*.midominio.com) podemos desglosar en dos partes utilizando <a href=\"https:\/\/sourceforge.net\/projects\/openssl\/\" target=\"_blank\" rel=\"noopener noreferrer\">OpenSSL<\/a>:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; title: ; notranslate\" title=\"\">\nopenssl pkcs12 -in certificadoCompleto.pfx -nocerts -out llaveSegura.key\n<\/pre><\/div>\n\n\n<p class=\"wp-block-paragraph\">De este modo tenemos en un archivo la parte correspondiente a la clave privada de forma encriptada (BEGIN ENCRYPTED PRIVATE KEY). Por otro lado tenemos el certificado firmado:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; title: ; notranslate\" title=\"\">\nopenssl pkcs12 -in certificadoCompleto.pfx -clcerts -nokeys -out certificado.crt\n<\/pre><\/div>\n\n\n<p class=\"wp-block-paragraph\">Si necesitamos las claves sin encriptar (BEGIN RSA PRIVATE KEY), cuidado donde guardar este tipo de ficheros, podemos hacerlo mediante:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; title: ; notranslate\" title=\"\">\nopenssl rsa -in llaveSegura.key -out llaveNoSegura.key\n<\/pre><\/div>\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"733\" height=\"210\" src=\"https:\/\/www.mainmind.com\/blog\/wp-content\/uploads\/2020\/PFX_to_CRT.jpg\" alt=\"\" class=\"wp-image-479\" srcset=\"https:\/\/www.mainmind.com\/blog\/wp-content\/uploads\/2020\/PFX_to_CRT.jpg 733w, https:\/\/www.mainmind.com\/blog\/wp-content\/uploads\/2020\/PFX_to_CRT-300x86.jpg 300w\" sizes=\"auto, (max-width: 733px) 100vw, 733px\" \/><\/figure>\n<\/div>\n\n\n<p class=\"has-text-align-center wp-block-paragraph\"><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Con estas 2+1 partes podremos instalar el certificado, por ejemplo en PLESK:<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"630\" height=\"191\" src=\"https:\/\/www.mainmind.com\/blog\/wp-content\/uploads\/2020\/SSL_CRT_PLESK.jpg\" alt=\"\" class=\"wp-image-472\" srcset=\"https:\/\/www.mainmind.com\/blog\/wp-content\/uploads\/2020\/SSL_CRT_PLESK.jpg 630w, https:\/\/www.mainmind.com\/blog\/wp-content\/uploads\/2020\/SSL_CRT_PLESK-300x91.jpg 300w\" sizes=\"auto, (max-width: 630px) 100vw, 630px\" \/><\/figure>\n<\/div>\n\n\n<p class=\"has-text-align-center wp-block-paragraph\"><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">O un certificado personalizado en Nginx Proxy Manager:<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"773\" height=\"495\" src=\"https:\/\/www.mainmind.com\/blog\/wp-content\/uploads\/2020\/SSL_nginx_proxy.jpg\" alt=\"SSL_nginx_proxy sobre 2020\" class=\"wp-image-2286\" style=\"width:517px;height:auto\" srcset=\"https:\/\/www.mainmind.com\/blog\/wp-content\/uploads\/2020\/SSL_nginx_proxy.jpg 773w, https:\/\/www.mainmind.com\/blog\/wp-content\/uploads\/2020\/SSL_nginx_proxy-300x192.jpg 300w, https:\/\/www.mainmind.com\/blog\/wp-content\/uploads\/2020\/SSL_nginx_proxy-768x492.jpg 768w\" sizes=\"auto, (max-width: 773px) 100vw, 773px\" \/><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\">NOTA: A la hora de importar, puede que el fichero generado contenga cabeceras que algunos programas no descartan, por ejemplo <a rel=\"noreferrer noopener\" href=\"https:\/\/www.strongswan.org\/\" data-type=\"link\" data-id=\"https:\/\/www.strongswan.org\/\" target=\"_blank\">strongSwan<\/a>. Es necesario eliminar la parte inicial hasta la l\u00ednea que empieza el certificado<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: plain; title: ; notranslate\" title=\"\">\nBag Attributes\n    friendlyName: \n    localKeyID: XX AA C6 59 0B 10 2F E9 42 A9 00 11 22 33 44 D2 1D CC DD EE \nsubject=\/CN=sub.midominio.com\nissuer=\/CN=sub.midomino.com\n<\/pre><\/div>\n\n\n<p class=\"wp-block-paragraph\">ZYXEL: si contiene <a href=\"https:\/\/community.zyxel.com\/en\/discussion\/20286\/unable-to-import-pfx-file-with-intermediate-certificates#latest\" data-type=\"link\" data-id=\"https:\/\/community.zyxel.com\/en\/discussion\/20286\/unable-to-import-pfx-file-with-intermediate-certificates#latest\">certificados intermedios,<\/a> o<a href=\"https:\/\/community.zyxel.com\/en\/discussion\/19354\/how-to-import-the-certificate-for-local-gui-used#latest\" data-type=\"link\" data-id=\"https:\/\/community.zyxel.com\/en\/discussion\/19354\/how-to-import-the-certificate-for-local-gui-used#latest\"> el formato no es pkcs12<\/a> es m\u00e1s sencillo convertirlo:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; title: ; notranslate\" title=\"\">\nopenssl pkcs12 -export -inkey llaveSegura.key -in certificado.crt -out certificadoZYXEL.pfx\n<\/pre><\/div>","protected":false},"excerpt":{"rendered":"<p>Si disponemos de un certificado en entornos Windows y queremos utilizar un certificado en otro tipo de dispositivos, por ejemplo un wilcard (*.midominio.com) podemos desglosar en dos partes utilizando OpenSSL: De este modo tenemos en un archivo la parte correspondiente a la clave privada de forma encriptada (BEGIN ENCRYPTED PRIVATE KEY). Por otro lado tenemos [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[19],"tags":[47,46,233,985,984,45,44],"class_list":["post-52","post","type-post","status-publish","format-standard","hentry","category-seguridad","tag-certificado","tag-crt","tag-key","tag-nginx","tag-opensll","tag-pfx","tag-ssl"],"_links":{"self":[{"href":"https:\/\/www.mainmind.com\/blog\/wp-json\/wp\/v2\/posts\/52","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mainmind.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mainmind.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mainmind.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mainmind.com\/blog\/wp-json\/wp\/v2\/comments?post=52"}],"version-history":[{"count":3,"href":"https:\/\/www.mainmind.com\/blog\/wp-json\/wp\/v2\/posts\/52\/revisions"}],"predecessor-version":[{"id":2406,"href":"https:\/\/www.mainmind.com\/blog\/wp-json\/wp\/v2\/posts\/52\/revisions\/2406"}],"wp:attachment":[{"href":"https:\/\/www.mainmind.com\/blog\/wp-json\/wp\/v2\/media?parent=52"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mainmind.com\/blog\/wp-json\/wp\/v2\/categories?post=52"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mainmind.com\/blog\/wp-json\/wp\/v2\/tags?post=52"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}