{"id":8488,"date":"2025-12-03T10:55:55","date_gmt":"2025-12-03T03:55:55","guid":{"rendered":"https:\/\/longvan.net\/cong-dong\/?p=8488"},"modified":"2025-12-03T10:55:55","modified_gmt":"2025-12-03T03:55:55","slug":"huong-dan-tao-file-pfx-cho-chung-chi-ssl-linux","status":"publish","type":"post","link":"https:\/\/longvan.net\/cong-dong\/huong-dan-tao-file-pfx-cho-chung-chi-ssl-linux\/","title":{"rendered":"H\u01b0\u1edbng D\u1eabn T\u1ea1o File Pfx Cho Ch\u1ee9ng Ch\u1ec9 SSL Linux"},"content":{"rendered":"<h5>I. PFX l\u00e0 g\u00ec? Khi n\u00e0o c\u1ea7n d\u00f9ng?<\/h5>\n<ul>\n<li>PFX (ho\u1eb7c PKCS#12) l\u00e0 \u0111\u1ecbnh d\u1ea1ng ch\u1ee9ng ch\u1ec9 ch\u1ee9a:\n<ul>\n<li>Private Key<\/li>\n<li>Public Certificate<\/li>\n<li>CA Chain<\/li>\n<\/ul>\n<\/li>\n<li>PFX th\u01b0\u1eddng \u0111\u01b0\u1ee3c d\u00f9ng cho:\n<ul>\n<li>Windows Server \/ IIS<\/li>\n<li>Java keystore import<\/li>\n<li>Software k\u00fd s\u1ed1 n\u1ed9i b\u1ed9<\/li>\n<li>M\u1ed9t s\u1ed1 h\u1ec7 th\u1ed1ng thanh to\u00e1n \/ ng\u00e2n h\u00e0ng<\/li>\n<li>Thi\u1ebft b\u1ecb SmartCard \/ HSM<\/li>\n<\/ul>\n<\/li>\n<li>M\u1ed9t s\u1ed1 h\u1ec7 th\u1ed1ng \u0111\u1eb7c bi\u1ec7t y\u00eau c\u1ea7u PFX t\u1ea1o b\u1eb1ng thu\u1eadt to\u00e1n c\u0169 nh\u01b0:\n<ul>\n<li>PBE-SHA1-3DES cho private key &amp; certificate<\/li>\n<li>T\u1eaft MAC (-nomac) \u0111\u1ec3 tr\u00e1nh l\u1ed7i kh\u00f4ng t\u01b0\u01a1ng th\u00edch<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h5>II. Chu\u1ea9n b\u1ecb tr\u01b0\u1edbc khi t\u1ea1o PFX<\/h5>\n<ul>\n<li>B\u1ea1n c\u1ea7n 3 file key b\u1ea1n c\u00f3 th\u1ec3 tham kh\u1ea3o c\u00e1c <a href=\"https:\/\/longvan.net\/ssl\">D\u1ecbch v\u1ee5\u00a0 ssl t\u1ea1i\u00a0<\/a> :\n<ul>\n<li>Private Key\n<ul>\n<li><strong>data.domain.vn.key<\/strong><\/li>\n<\/ul>\n<\/li>\n<li>SSL Certificate\n<ul>\n<li><strong>domain_cert.pem<\/strong><\/li>\n<\/ul>\n<\/li>\n<li><strong>Root CA<\/strong> v\u00e0 <strong>Intermediate CA <\/strong>(K\u1ebft h\u1ee3p 2 file n\u00e0y ch\u00fang ta s\u1ebd \u0111\u01b0\u1ee3c<strong> CA_bundle.crt <\/strong>ho\u1eb7c <strong>Bundle.cert<\/strong>)\n<ul>\n<li><strong>CA_bundle.crt<\/strong><\/li>\n<\/ul>\n<\/li>\n<li><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-8489\" src=\"https:\/\/longvan.net\/cong-dong\/wp-content\/uploads\/2025\/11\/Screenshot_15.png\" alt=\"\" width=\"775\" height=\"154\" srcset=\"https:\/\/longvan.net\/cong-dong\/wp-content\/uploads\/2025\/11\/Screenshot_15.png 775w, https:\/\/longvan.net\/cong-dong\/wp-content\/uploads\/2025\/11\/Screenshot_15-300x60.png 300w, https:\/\/longvan.net\/cong-dong\/wp-content\/uploads\/2025\/11\/Screenshot_15-768x153.png 768w\" sizes=\"auto, (max-width: 775px) 100vw, 775px\" \/><\/li>\n<\/ul>\n<\/li>\n<li>\u1ede \u0111\u00e2y ph\u1ea7n thao t\u00e1c s\u1ebd \u1edf server linux\u00a0 ph\u1ea7n th\u01b0 m\u1ee5c b\u1ea1n c\u00f3 th\u1ec3 \u0111\u1ec3 \u1edf d\u01b0\u1eddng n\u00e0o m\u00e0 b\u1ea1n mu\u1ed1n v\u00ed d\u1ee5 \u1edf \u0111\u00e2y\u00a0 l\u00e0\u00a0 \/root\/ssl\/\n<ul>\n<li><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-8491\" src=\"https:\/\/longvan.net\/cong-dong\/wp-content\/uploads\/2025\/11\/Screenshot_17.png\" alt=\"\" width=\"529\" height=\"126\" srcset=\"https:\/\/longvan.net\/cong-dong\/wp-content\/uploads\/2025\/11\/Screenshot_17.png 529w, https:\/\/longvan.net\/cong-dong\/wp-content\/uploads\/2025\/11\/Screenshot_17-300x71.png 300w\" sizes=\"auto, (max-width: 529px) 100vw, 529px\" \/><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h5>III. Ki\u1ec3m tra c\u00e1c file tr\u01b0\u1edbc khi export (khuy\u1ebfn ngh\u1ecb)<\/h5>\n<ul>\n<li>Ki\u1ec3m tra private key &amp; certificate\n<ul>\n<li>\u1ede \u0111\u00e2y c\u00f3 th\u1ec3 ki\u1ec3m tra ph\u1ea7n key kh\u1edbp v\u1edbi nhau hay kh\u00f4ng qua ph\u1ea7n\u00a0 tool \u1edf web <a href=\"https:\/\/www.sslshopper.com\/certificate-key-matcher.html\">https:\/\/www.sslshopper.com\/certificate-key-matcher.html<\/a><\/li>\n<li>Nh\u01b0 \u1edf h\u00ecnh sau ph\u1ea7n k\u1ebft private key &amp; certificate kh\u1edbp v\u1edbi nhau<\/li>\n<li><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-8492\" src=\"https:\/\/longvan.net\/cong-dong\/wp-content\/uploads\/2025\/11\/Screenshot_18.png\" alt=\"\" width=\"892\" height=\"778\" srcset=\"https:\/\/longvan.net\/cong-dong\/wp-content\/uploads\/2025\/11\/Screenshot_18.png 892w, https:\/\/longvan.net\/cong-dong\/wp-content\/uploads\/2025\/11\/Screenshot_18-300x262.png 300w, https:\/\/longvan.net\/cong-dong\/wp-content\/uploads\/2025\/11\/Screenshot_18-768x670.png 768w\" sizes=\"auto, (max-width: 892px) 100vw, 892px\" \/><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h5>IV. T\u1ea1o file PFX b\u1eb1ng OpenSSL<\/h5>\n<ul>\n<li>Truy c\u1eadp v\u00e0o server linux c\u1ea7n th\u1ef1c hi\u1ec7n convert Pfx\n<ul>\n<li>L\u1ec7nh thao t\u00e1c convert<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<blockquote>\n<hr \/>\n<p>openssl pkcs12 -export -certpbe PBE-SHA1-3DES -keypbe PBE-SHA1-3DES -nomac -out <span style=\"color: #ff6600;\">data_key.pfx<\/span> -inkey <span style=\"color: #ff6600;\">domain.key<\/span> -in <span style=\"color: #ff6600;\">domain_CERT.pem<\/span> -certfile <span style=\"color: #ff6600;\">bundle.crt<\/span><\/p>\n<hr \/>\n<\/blockquote>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li><span style=\"color: #ff6600;\">data_key.pfx\u00a0<span style=\"color: #000000;\">: T\u00ean file key pfx <\/span>\u00a0\u00a0<\/span><\/li>\n<li><span style=\"color: #ff6600;\">domain.key\u00a0<span style=\"color: #000000;\">:\u00a0 thay file private key<\/span><\/span><\/li>\n<li><span style=\"color: #ff6600;\">domain_CERT.pem\u00a0<span style=\"color: #000000;\">: thay th\u00e0nh file\u00a0SSL Certificate<\/span><\/span><\/li>\n<li><span style=\"color: #ff6600;\">bundle.crt\u00a0<span style=\"color: #000000;\">:\u00a0 thay th\u00e0nh file Root\/Intermediate CA ( <\/span><\/span>CA_bundle.crt)<\/li>\n<\/ul>\n<\/li>\n<li>Sao khi th\u1ef1c hi\u1ec7n l\u1ec7nh s\u1ebd c\u00f3 ph\u1ea7n c\u1ea5u h\u00ecnh pass cho ph\u1ea7n file \u1edf \u0111\u00e2y ch\u1ec9 c\u1ea7n nh\u1eadp v\u00e0 xac th\u1ef1c l\u1ea1i ph\u1ea7n pass m\u00e0 ban mu\u1ed1n c\u1ea5u h\u00ecnh cho file pfx<\/li>\n<li><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-large wp-image-8494\" src=\"https:\/\/longvan.net\/cong-dong\/wp-content\/uploads\/2025\/11\/Screenshot_19-1024x85.png\" alt=\"\" width=\"1024\" height=\"85\" srcset=\"https:\/\/longvan.net\/cong-dong\/wp-content\/uploads\/2025\/11\/Screenshot_19-1024x85.png 1024w, https:\/\/longvan.net\/cong-dong\/wp-content\/uploads\/2025\/11\/Screenshot_19-300x25.png 300w, https:\/\/longvan.net\/cong-dong\/wp-content\/uploads\/2025\/11\/Screenshot_19-768x64.png 768w, https:\/\/longvan.net\/cong-dong\/wp-content\/uploads\/2025\/11\/Screenshot_19.png 1233w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/li>\n<\/ul>\n<\/li>\n<li>\u1ede b\u01b0\u1edbc n\u00e0y \u0111\u00e3 ho\u00e0n th\u00e0nh vi\u1ec7c xu\u1ea5t file pfx hi\u1ec7n ch\u1ec9 c\u1ea7n thoa t\u00e1c c\u1ea5u h\u00ecnh cho c\u00e1c d\u1ecbch v\u1ee5 \u1edf b\u00e0i h\u01b0\u1edbng d\u1eabn <a href=\"https:\/\/longvan.net\/cong-dong\/huong-dan-cau-hinh-ssl-tren-iis\/\">c\u1ea5u h\u00ecnh ssl tr\u00ean\u00a0 IIS\u00a0<\/a> sau .<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>Nh\u01b0 v\u1eady, Long V\u00e2n \u0111\u00e3 h\u01b0\u1edbng d\u1eabn qu\u00fd Kh\u00e1ch t\u1ea1o file Pfx SSL tr\u00ean linux . Ch\u00fac qu\u00fd Kh\u00e1ch th\u00e0nh c\u00f4ng.<\/p>\n<p><img decoding=\"async\" id=\"image-hover-icon\" style=\"position: absolute; width: 25px; height: 25px; cursor: pointer; left: 136px; top: 611.531px; opacity: 0.7;\" src=\"\/\/pbhpcbdjngblklnibanbkgkogjmbjeoe\/src\/public\/images\/128px.png\" \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>I. PFX l\u00e0 g\u00ec? Khi n\u00e0o c\u1ea7n d\u00f9ng? PFX (ho\u1eb7c PKCS#12) l\u00e0 \u0111\u1ecbnh d\u1ea1ng ch\u1ee9ng ch\u1ec9 ch\u1ee9a: Private Key Public Certificate CA Chain PFX th\u01b0\u1eddng \u0111\u01b0\u1ee3c d\u00f9ng cho: Windows Server \/ IIS Java keystore import Software k\u00fd s\u1ed1 n\u1ed9i b\u1ed9 M\u1ed9t s\u1ed1 h\u1ec7 th\u1ed1ng thanh to\u00e1n \/ ng\u00e2n h\u00e0ng Thi\u1ebft b\u1ecb SmartCard \/ HSM M\u1ed9t [&hellip;]<\/p>\n","protected":false},"author":7,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_oasis_is_in_workflow":0,"_oasis_original":0,"footnotes":""},"categories":[1,4],"tags":[],"class_list":["post-8488","post","type-post","status-publish","format-standard","hentry","category-huong-dan-chung","category-linux"],"_links":{"self":[{"href":"https:\/\/longvan.net\/cong-dong\/wp-json\/wp\/v2\/posts\/8488","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/longvan.net\/cong-dong\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/longvan.net\/cong-dong\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/longvan.net\/cong-dong\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/longvan.net\/cong-dong\/wp-json\/wp\/v2\/comments?post=8488"}],"version-history":[{"count":3,"href":"https:\/\/longvan.net\/cong-dong\/wp-json\/wp\/v2\/posts\/8488\/revisions"}],"predecessor-version":[{"id":8512,"href":"https:\/\/longvan.net\/cong-dong\/wp-json\/wp\/v2\/posts\/8488\/revisions\/8512"}],"wp:attachment":[{"href":"https:\/\/longvan.net\/cong-dong\/wp-json\/wp\/v2\/media?parent=8488"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/longvan.net\/cong-dong\/wp-json\/wp\/v2\/categories?post=8488"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/longvan.net\/cong-dong\/wp-json\/wp\/v2\/tags?post=8488"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}