Wednesday, 31 December 2014

How can I convert a Windows certificate into a PEM format, that includes the chain + root?



I need to import a certificate into a Cisco Ironport for Web SSL inspection. The only input format supported is PEM.


Based on my research the PEM format does support all certificates in the chain, however I'm unsure how to convert a DER/CER/P7b into PEM that includes the chain.


I've been using the following OpenSSL commands to do the conversion, however I don't seem to be getting the full chain. Am I missing a switch?



Extracting the Public key (certificate)


You will need access to a computer running OpenSSL. Copy your PFX file over to this computer and run the following command:


openssl pkcs12 -in <filename.pfx> -clcerts -nokeys -out certificate.cer


This creates the public key file named "certificate.cer". Note: These instructions have been verified using OpenSSL on Linux. Some syntax may vary on the Win32 version.


Extracting and decrypting the Private key


The WSA requires that the private key be unencrypted. Use the following OpenSSL commands:


openssl pkcs12 -in <filename.pfx> -nocerts -out privatekey-encrypted.key


You will be prompted for "Enter Import Password". This is the password created in step 11 above. You will also be prompted for "Enter PEM pass phrase". This is the encryption password (used below).


This will create the encrypted private key file named "privatekey-encrypted.key"


To create a decrypted version of this key, use the following command:


openssl rsa -in privatekey-encrypted.key -out private.key
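Added example, not part of the original post: the script below builds a throwaway root, intermediate and leaf chain, packs it into a PFX, and compares the export command above with and without `-clcerts`, then converts a DER P7B bundle to PEM. All keys, the "Demo" names, the password "demo" and the helper functions are constructed for illustration.

```shell
#!/bin/sh
# Added example: every key, name ("Demo ...") and the password "demo" is constructed.
set -eu

# mkcert <dir> <name> <issuer|self> <TRUE|FALSE>: hypothetical helper, throwaway cert
mkcert() {
  printf 'basicConstraints=CA:%s\n' "$4" > "$1/$2.ext"
  openssl req -newkey rsa:2048 -nodes -subj "/CN=Demo $2" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
  if [ "$3" = self ]; then
    openssl x509 -req -in "$1/$2.csr" -signkey "$1/$2.key" -days 2 \
      -extfile "$1/$2.ext" -out "$1/$2.pem" 2>/dev/null
  else
    openssl x509 -req -in "$1/$2.csr" -CA "$1/$3.pem" -CAkey "$1/$3.key" \
      -CAcreateserial -days 2 -extfile "$1/$2.ext" -out "$1/$2.pem" 2>/dev/null
  fi
}

count_certs() { grep -c -- '-----BEGIN CERTIFICATE-----' "$1"; }
# Drop "Bag Attributes"/subject lines so only the PEM blocks remain.
pem_only() { sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p'; }

demo() {  # demo <dir>
  d=$1
  mkcert "$d" root self TRUE
  mkcert "$d" inter root TRUE
  mkcert "$d" leaf inter FALSE
  cat "$d/inter.pem" "$d/root.pem" > "$d/ca.pem"
  openssl pkcs12 -export -inkey "$d/leaf.key" -in "$d/leaf.pem" \
    -certfile "$d/ca.pem" -passout pass:demo -out "$d/demo.pfx"
  # Command from the post: -clcerts keeps only the cert that matches the key.
  openssl pkcs12 -in "$d/demo.pfx" -passin pass:demo -clcerts -nokeys \
    | pem_only > "$d/leaf-only.pem"
  # Same command without -clcerts: the CA certs in the PFX are written as well.
  openssl pkcs12 -in "$d/demo.pfx" -passin pass:demo -nokeys \
    | pem_only > "$d/fullchain.pem"
  # P7B (DER) bundle to PEM.
  openssl crl2pkcs7 -nocrl -certfile "$d/fullchain.pem" -outform DER -out "$d/chain.p7b"
  openssl pkcs7 -inform DER -in "$d/chain.p7b" -print_certs | pem_only > "$d/from-p7b.pem"
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
demo "$work"
echo "-clcerts: $(count_certs "$work/leaf-only.pem")  no -clcerts: $(count_certs "$work/fullchain.pem")  p7b: $(count_certs "$work/from-p7b.pem")"
```

The chain can only be extracted if the CA certificates were included in the PFX when it was exported.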





