SSL Certificate Conversion

Product Tech Tips Index

Problem:
Need to convert SSL Certificates from PFX to import into the WebMux

Background:
From our note on OpenSSL.

OpenSSL is a free, redistributable library that many servers, switches, and WebMux load balancers use.

WebMux uses PEM format key and certificate for SSL termination logic. If your key and certificate are not in PEM format, you will need to convert them.

If you are running Windows server, you may not have access to the openssl commands. This page provides the Windows® version for running on Microsoft® Windows computers.

OpenSSL for Windows is completely based on www.openssl.org’s opensource project. It is built on Windows Vista with Microsoft Visuo Studio 2008. You can download the compiled openssl for Windows command line executable by clicking here.

The two optional libraries files can be download by click on their names here:

libeay.lib and ssleay32.lib

These tools are provided so that you can convert your SSL key and certificate to PEM format.

AVANU’s products are subject to the United States of America Export Administration Regulations and other U.S. law that specifies which country products may not be exported to. Please contact Department of Commerce for exporting our products outside of U.S.A.

Solution:
If you are running IIS 5.0 ,or above, on Windows (2000 or later), follow these steps to export your file.

    1. Open Internet Information Services.
      Start > Programs > Administrative Tools > Internet Services Manager
    2. Find the website in the left pane and right click on Properties.
    3. Select “Directory Security.”
    4. Select “View Certificate.”
    5. Select “Details.”
    6. Press Copy to File. Certificate Export Wizard should launch.
    7. Select Next.
    8. Select “Yes, Export the Private Key,” then press Next.
    9. Select: Personal Information Exchange – PKCS #12 (.PFX)

• Be sure to enable “Include all certificates in the certification path if possible.”
• Do not select “Enable strong protection (requires IE 5.0, NT 4.0 SP4 or above).” Do not select “Delete the private key if the export is successful.”

  1. Provide a password then select Next. We recommend writing the password down.
  2. Choose a filename and select next. We recommend no space in the file name.
  3. Select Finish.

To convert the file, download and install OpenSSL.
Using the PFX file you obtained from Step 12, run:

openssl pkcs12 -in mycert.pfx -out mycert.pem

Enter your password when prompted. Then, to extract the private key, run the command:

openssl rsa -in mycert.pem -out privatekey.pem

If the key and certificate are saved separately, use these commands to convert both.

openssl x509 -in input.crt -inform DER -out output.crt
-outform PEM
openssl rsa -in input.key -inform DER -out output.key
-outform PEM
openssl rsa -in output.key -out newkey.pem

The final command removes the password from the encrypted key. You will be prompted to enter the password once more while running. Back-up will be unsuccessful if the password is not removed prior to reboot.

If you would rather, AVANU will convert the file and import it for you, free of charge. Please send the saved .PFX file to techsupport@avanu.com as an attachment. Be sure to provide the password you create in the body of the email!