Forum Discussion
NzYme_68513
Nimbostratus
Nimbostratus.pem format has to be used for SSL offload?
Trying to setup test scenario for CAS server load balancing on our F5 LTM. We created a test domain with a CA server. We created certificate(.cer) but according to the deployment .pdf for exchange 2010 it has be in .pem format. Does anyone know if it HAS to be in a .pem format? Why can't I just import the .cer file?
hooleylistCirrostratus
In 10.2 or so, you can import a PKCS7 cert/key via the SSL certificates page in the GUI. They'll be converted to PEM format. Is your .cer cert/key a DER format? If so, you can use openssl on LTM or off the box to convert:
DER
openssl x509 -inform der -in certificate.cer -out certificate.pem
PCKS12
openssl pkcs12 -in certificate.pfx -nodes -out certificate.pem
For more info, you can search on AskF5.com for convert certificate or search online for openssl convert certificate.
If you'd like to see the GUI handle this more gracefully, you could open a case with F5 Support and request an enhancement.
Aaron
nitassEmployee
Hi Aaron,
Does 10.2 support PKCS7? Do I misremember or isn't document updated?
sol6549: Converting PKCS certificates to PEM format for use with the BIG-IP
http://support.f5.com/kb/en-us/solutions/public/6000/500/sol6549.html
/Nitass- hooleylistWe actually support importing of PKCS12 certs in the GUI from 10.1.0. To convert a PCKS7 or DER archive to PEM format you can use openssl and then import via the GUI or copy the files to /config/ssl/ssl.crt/ and /config/ssl/ssl.key/.
Aaron