Problem Description: 

Infoworks DataFoundry service requires SSL certificate and private key as separate files to configure SSL encryption

Many SSL vendors ship the SSL certificate in PFX format. 

The PKCS#12 or PFX format is a binary format for storing the server certificate, any intermediate certificates, and the private key into a single encryptable file. 


We will need to extract the certificate file and private key from the .pfx file using openSSL

Step 1:  

Install openssl 

Command:   openssl version

If you’re using Linux, you can install OpenSSL with the following YUM console command:

Command:   yum install openssl

If your distribution is based on APT instead of YUM, you can use the following command instead:

Command:   apt-get install openssl

Step 2:

We’ll start by extracting the CRT file using openssl with the following command

Command: openssl pkcs12 -in ./YOUR-PFX-FILE.pfx -clcerts -nokeys -out infoworks_ssl.crt

Followed by extracting the private key with the following command

Command: openssl pkcs12 -in ./YOUR-PFX-FILE.pfx -nocerts -nodes -out infoworks_ssl.rsa

Note: PKCS#12 is a password-protected format, in order to execute all the above commands you’ll be prompted for the password that has been used when creating the .pfx file.

Step 3: 

Once you extract the certificate and private key to a location on the DataFoundy instance which is accessible by the infoworks user, please follow the below process: 


  1. Navigate to Ngnix configuration directory , 

Command: cd ${IW_HOME}/resources/nginx-portable/conf/Infoworks


  1.  Edit the platform.conf.template file ; 

Command: vi platfrom.conf.template

  1.  Add the string ssl after the proxy server port as follows:

               listen ${PROXY_SERVER_PORT} ssl;

  1.  Add the respective SSL certificate key path and certificate file path as described below:


  1. Uncomment # ssl_certificate /etc/nginx/ssl/infoworks_ssl.crt; line.

  2. Update it to ssl_certificate <path-to-certificate>/infoworks_ssl.crt;, 

where path-to-certificate is your respective path to the generated certificate file

  1. Uncomment # sslcertificate key /etc/nginx/ssl/infoworks_ssl.key; line.

  2. Update it to ssl_certificate_key <path-to-certificate>/infoworks_ssl.rsa;,

where path-to-certificate is your respective path to the generated certificate file.

  1.  Restart Nginx service using the following commands after navigating to Infoworks bin:

Command: cd ${IW_HOME}/bin

Command: ./ nginx && ./ UI

Command: ./ nginx && ./ UI


Applicable Infoworks versions 


Infoworks v3.1.x, v2.9.1