How to Extract SSL Certificates from a PFX File on macOS
If youโve ever been handed a .pfx file and told to โjust upload the certificate,โ you know the pain thatโs coming.
PFX (PKCS#12) files bundle your private key, SSL certificate, and any intermediate certificates into one encrypted file. Thatโs great until you actually need to extract those pieces for something like an NGINX server, AWS load balancer, or third-party CDN that wants them all separately.
MacOS has OpenSSL built in, which is all you need. Hereโs a simple shell script I use to generate the cert, private key, and chain in one shot and make them clipboard-ready for easy pasting.
Self-signed SSL certificates not working with MAMP and Chrome
I use MAMP Pro for most of my PHP development and Chrome has annoyingly been blocking the self-signed SSL certificates MAMP generates, saying the certificate is not valid and "Your connection is not private":ย
SSL, jQuery, and CDN
I just got whacked by a minor bug with SSL and the Google CDN (totally my fault, not theirs). I stuck the reference to the CDN in my master page not realizing one of the pages would be served up as secured by the vendor due to compliance issues. It made it through all testing because none of the staging/dev environments were configured for SSL and I was not made aware of the fact that we'd be serving the page up through SSL. Internet Explorer 8 prompted users about the insecure content before rendering the page. In their infinite wisdom, Microsoft decided to implement a new workflow for insecure content where the content is ignored and the page renders immediately with the unsecured content ignored. Since jQuery was used on multiple parts of the form, the site essentially broke. Google Chrome and Firefox seem to recognize the CDN as a trusted source and render the page as expected. To fix the site, I added a javascript check to set the appropriate prefix to the CDN call: