Forum Discussion
Allanwynn_16283
Nimbostratus
NimbostratusConverting .crt to .pfx
Hi I am trying to convert .crt which is loaded to f5 to .pfx, i tried this commmand:
openssl pkcs12 -export -out /var/tmp/:Common:f5_sharepoint.pfx -inkey /config/filestore/files_d/Common_d/certificate_key_d/:Common:f5_pgpc_sharepoint.key_203294_1 -in /config/filestore/files_d/Common_d/certificate_d/:Common:f5_pgpc_sharepoint.crt_203332_1
but i encounter "unable to load certificates" what is my error? thank you!
Late answer but its
still notnow documented correctly i think (https://support.f5.com/csp/article/K31936122).
(edit LiefZimmerman to clarify the KB article was updated)The problem is that the certificate files are stored as DER format and have to be converted to PEM format first while the key files already are in PEM format:
copy files:
cp /config/filestore/files_d/Common_d/certificate_d/:foo_1: /var/tmp/foo.der cp /config/filestore/files_d/Common_d/certificate_key_d/:foo_2: /var/tmp/foo.keycheck if DER:
openssl x509 -in /var/tmp/foo.der -inform DER -textif DER, convert to pem:
openssl x509 -inform DER -outform PEM -text -in /var/tmp/foo.der -out /var/tmp/foo.crtcreate pfx:
openssl pkcs12 -export -out /var/tmp/foo.pfx -inkey /var/tmp/foo.key -in /var/tmp/foo.crtremove files after exported pfx to another machine:
rm /var/tmp/foo.der rm /var/tmp/foo.crt rm /var/tmp/foo.key rm /var/tmp/foo.pfxgreets
Irre
- Irre_Levant
Cirrus
Late answer but its
still notnow documented correctly i think (https://support.f5.com/csp/article/K31936122).
(edit LiefZimmerman to clarify the KB article was updated)The problem is that the certificate files are stored as DER format and have to be converted to PEM format first while the key files already are in PEM format:
copy files:
cp /config/filestore/files_d/Common_d/certificate_d/:foo_1: /var/tmp/foo.der cp /config/filestore/files_d/Common_d/certificate_key_d/:foo_2: /var/tmp/foo.keycheck if DER:
openssl x509 -in /var/tmp/foo.der -inform DER -textif DER, convert to pem:
openssl x509 -inform DER -outform PEM -text -in /var/tmp/foo.der -out /var/tmp/foo.crtcreate pfx:
openssl pkcs12 -export -out /var/tmp/foo.pfx -inkey /var/tmp/foo.key -in /var/tmp/foo.crtremove files after exported pfx to another machine:
rm /var/tmp/foo.der rm /var/tmp/foo.crt rm /var/tmp/foo.key rm /var/tmp/foo.pfxgreets
Irre
Stanislas_Piro2Cumulonimbus
Hi,
in bash, add a "\" before ":"
openssl pkcs12 -export -out /var/tmp/\:Common\:f5_sharepoint.pfx -inkey /config/filestore/files_d/Common_d/certificate_key_d/\:Common\:default.key_19145_1 -in /config/filestore/files_d/Common_d/certificate_d/\:Common\:default.crt_19145_1
Allanwynn_16283Here is my exact command and error:
[xxx:Active:In Sync] root openssl pkcs12 -export -out /var/tmp/f5_pgpc_sharepoint.pfx -inkey /config/filestore/files_d/Common_d/certificate_key_d/:Common:f5_pgpc_sharepoint.key_203294_1 -in /config/filestore/files_d/Common_d/certificate_d/:Common:f5_pgpc_sharepoint.crt_203332_1 unable to load certificates [xxx:Active:In Sync] root
- Stanislas_Piro2copy files to /var/tmp dir and change names to remove : and try again with those files
- Allanwynn_16283Hi I tried: openssl pkcs12 -export -out /var/tmp/f5_pgpc_sharepoint.pfx -inkey /var/tmp/f5_pgpc_sharepoint.key_203294_1 -in /var/tmp/f5_pgpc_sharepoint.crt_203332_1 But with same error.
jakubo_320000Did you solve this? I have exactly the same problem, cannot convert to pkcs12 due to "unable to load certificates" error. The cert is working correctly on VS.
- LiefZimmerman
Admin
Irre_Levant - are you saying that the KB article linked here: https://support.f5.com/csp/article/K31936122 is not documented correctly? If so - I'll forward this to our Knowledge team for a look.
Thanks,
- Irre_Levant
yes, its now added to the KB article, thanks.
