Difference between revisions of "Certificate Format Conversion"

From Tech-Wiki
Jump to: navigation, search
(Created page with "Category:Encryption Sometimes there is a need to convert a SSL certificate from one format to another for example a load balancer & Windows IIS will probably require differen...")
 
 
(5 intermediate revisions by 2 users not shown)
Line 2: Line 2:
 
Sometimes there is a need to convert a SSL certificate from one format to another for example a load balancer & Windows IIS will probably require different formats. You can use openssl to do this conversion by using the following commands.
 
Sometimes there is a need to convert a SSL certificate from one format to another for example a load balancer & Windows IIS will probably require different formats. You can use openssl to do this conversion by using the following commands.
  
Convert from PEM to PFX
+
Convert from PEM to PFX (e.g. from F5 to Windows IIS)
  
  openssl pkcs12 -export -out output.pfx -inkey input.key -in input.crt -certfile input.ca-bundle
+
  openssl pkcs12 -export -out output.pfx -inkey input.key -in input.crt -certfile input.ca-bundle -passout pass:<PASSWORD>
 
   
 
   
 
  Where
 
  Where
 
  output.pfx      - this is the output file
 
  output.pfx      - this is the output file
 
  input.key      - this is the original key file used to create the csr
 
  input.key      - this is the original key file used to create the csr
  input.crt      - this is the file received back from the certificate authority
+
  input.crt      - this is the signed certifiate file received back from the certificate authority
  input.ca-bundle - this is the cert from the certificate authority we are converting to pfx
+
  input.ca-bundle - this is the cert chain file
 +
<PASSWORD>      - this is the password to protect the private key on the pfx bundle
 +
 
 +
Convert from PFX to PEM with no output private key password (e.g. from Windows IIS / Verisign to DenyAll WAF)
 +
 
 +
openssl pkcs12 -in input.pfx -out output.pem -nodes
 +
 +
If the private key in the pfx input is protected by a password, you will be prompted.
 +
 
 +
Check a chainfile is valid for a certificate
 +
openssl verify -CAfile certchain.pem -verbose cert.pem

Latest revision as of 14:38, 13 March 2019

Sometimes there is a need to convert a SSL certificate from one format to another for example a load balancer & Windows IIS will probably require different formats. You can use openssl to do this conversion by using the following commands.

Convert from PEM to PFX (e.g. from F5 to Windows IIS)

openssl pkcs12 -export -out output.pfx -inkey input.key -in input.crt -certfile input.ca-bundle -passout pass:<PASSWORD>

Where
output.pfx      - this is the output file
input.key       - this is the original key file used to create the csr
input.crt       - this is the signed certifiate file received back from the certificate authority
input.ca-bundle - this is the cert chain file
<PASSWORD>      - this is the password to protect the private key on the pfx bundle

Convert from PFX to PEM with no output private key password (e.g. from Windows IIS / Verisign to DenyAll WAF)

openssl pkcs12 -in input.pfx -out output.pem -nodes

If the private key in the pfx input is protected by a password, you will be prompted.

Check a chainfile is valid for a certificate

openssl verify -CAfile certchain.pem -verbose cert.pem