Forum Discussion
Aditya_Mehra
Cirrus
CirrusConvert to pkcs 12 format
Hi All, I created a csr and have received the certs from CA. I will be using those on the F5. But the server team needs the cert and key in pkcs12 format.
I have the below:
certificate file -> server.crt
key file -> server.key (this is already in the F5, downloaded it from the BIGIP)
root CA -> CACert.csr
How can I convert it to pkcs in F5?
I tried the below but does not work
openssl pkcs12 -export -out server.p12 -inkey server.key -in server.crt -certfile CACert.crt
Can anyone please help on this?
Thanks, Aditya
Stanislas_Piro2Cumulonimbus
this command works in my F5:
openssl pkcs12 -export -in /config/filestore/files_d/Common_d/certificate_d/\:Common\:wildcard_demo.local.crt_47284_1 -inkey /config/filestore/files_d/Common_d/certificate_key_d/\:Common\:wildcard_demo.local.key_47282_1 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -out /var/tmp/democert.p12 -certfile /config/filestore/files_d/Common_d/certificate_d/\:Common\:DEMO_CA.crt_47294_1or
openssl pkcs12 -export -in /config/filestore/files_d/Common_d/certificate_d/\:Common\:wildcard_demo.local.crt_47284_1 -inkey /config/filestore/files_d/Common_d/certificate_key_d/\:Common\:wildcard_demo.local.key_47282_1 -certpbe AES-256-CBC -keypbe AES-256-CBC -out /var/tmp/democert.p12 -certfile /config/filestore/files_d/Common_d/certificate_d/\:Common\:DEMO_CA.crt_47294_1NOTE: If you do not specify explicitly specify the certpbe and keypbe algorithm this version defaults to using pbewithSHAAnd40BitRC2-CBC to protect the certificate and pbeWithSHAAnd3-KeyTripleDES-CBC to protect the key.
RC2 was designed in 1987 and has been considered weak for a very long time. 3DES is still considered by many to offer 112-bits of security though in 2015 it is clearly not an algorithm that should still be in use.
Source : http://unmitigatedrisk.com/?p=543