Difference between revisions of "Certificate Format Conversion"
From Tech-Wiki
| Line 2: | Line 2: | ||
Sometimes there is a need to convert a SSL certificate from one format to another for example a load balancer & Windows IIS will probably require different formats. You can use openssl to do this conversion by using the following commands. | Sometimes there is a need to convert a SSL certificate from one format to another for example a load balancer & Windows IIS will probably require different formats. You can use openssl to do this conversion by using the following commands. | ||
| − | Convert from PEM to PFX | + | Convert from PEM to PFX (e.g. from F5 to Windows IIS) |
openssl pkcs12 -export -out output.pfx -inkey input.key -in input.crt -certfile input.ca-bundle | openssl pkcs12 -export -out output.pfx -inkey input.key -in input.crt -certfile input.ca-bundle | ||
| Line 11: | Line 11: | ||
input.crt - this is the signed certifiate file received back from the certificate authority | input.crt - this is the signed certifiate file received back from the certificate authority | ||
input.ca-bundle - this is the cert chain file | input.ca-bundle - this is the cert chain file | ||
| + | |||
| + | Convert from PFX to PFX with no output private key password (e.g. from Windows IIS / Verisign to DenyAll WAF) | ||
| + | |||
| + | openssl pkcs12 -input.pfx -out output.pem -nodes | ||
| + | |||
| + | If the private key in the pfx input is protected by a password, you will be prompted. | ||
Revision as of 09:31, 17 July 2013
Sometimes there is a need to convert a SSL certificate from one format to another for example a load balancer & Windows IIS will probably require different formats. You can use openssl to do this conversion by using the following commands.
Convert from PEM to PFX (e.g. from F5 to Windows IIS)
openssl pkcs12 -export -out output.pfx -inkey input.key -in input.crt -certfile input.ca-bundle Where output.pfx - this is the output file input.key - this is the original key file used to create the csr input.crt - this is the signed certifiate file received back from the certificate authority input.ca-bundle - this is the cert chain file
Convert from PFX to PFX with no output private key password (e.g. from Windows IIS / Verisign to DenyAll WAF)
openssl pkcs12 -input.pfx -out output.pem -nodes If the private key in the pfx input is protected by a password, you will be prompted.