Forum Discussion

Allanwynn_16283's avatar
Allanwynn_16283
Icon for Nimbostratus rankNimbostratus
Oct 07, 2015

Converting .crt to .pfx

Hi I am trying to convert .crt which is loaded to f5 to .pfx, i tried this commmand:

 

openssl pkcs12 -export -out /var/tmp/:Common:f5_sharepoint.pfx -inkey /config/filestore/files_d/Common_d/certificate_key_d/:Common:f5_pgpc_sharepoint.key_203294_1 -in /config/filestore/files_d/Common_d/certificate_d/:Common:f5_pgpc_sharepoint.crt_203332_1

 

but i encounter "unable to load certificates" what is my error? thank you!

 

  • Late answer but its still not now documented correctly i think (https://support.f5.com/csp/article/K31936122).
    (edit LiefZimmerman to clarify the KB article was updated)

    The problem is that the certificate files are stored as DER format and have to be converted to PEM format first while the key files already are in PEM format:

    copy files:

    cp /config/filestore/files_d/Common_d/certificate_d/:foo_1: /var/tmp/foo.der
    cp /config/filestore/files_d/Common_d/certificate_key_d/:foo_2: /var/tmp/foo.key

    check if DER:

    openssl x509 -in /var/tmp/foo.der -inform DER -text

     if DER, convert to pem:

    openssl x509 -inform DER -outform PEM -text -in /var/tmp/foo.der -out /var/tmp/foo.crt

    create pfx:

    openssl pkcs12 -export -out /var/tmp/foo.pfx -inkey /var/tmp/foo.key -in /var/tmp/foo.crt

    remove files after exported pfx to another machine:

    rm /var/tmp/foo.der
    rm /var/tmp/foo.crt
    rm /var/tmp/foo.key
    rm /var/tmp/foo.pfx

    greets

    Irre

  • Late answer but its still not now documented correctly i think (https://support.f5.com/csp/article/K31936122).
    (edit LiefZimmerman to clarify the KB article was updated)

    The problem is that the certificate files are stored as DER format and have to be converted to PEM format first while the key files already are in PEM format:

    copy files:

    cp /config/filestore/files_d/Common_d/certificate_d/:foo_1: /var/tmp/foo.der
    cp /config/filestore/files_d/Common_d/certificate_key_d/:foo_2: /var/tmp/foo.key

    check if DER:

    openssl x509 -in /var/tmp/foo.der -inform DER -text

     if DER, convert to pem:

    openssl x509 -inform DER -outform PEM -text -in /var/tmp/foo.der -out /var/tmp/foo.crt

    create pfx:

    openssl pkcs12 -export -out /var/tmp/foo.pfx -inkey /var/tmp/foo.key -in /var/tmp/foo.crt

    remove files after exported pfx to another machine:

    rm /var/tmp/foo.der
    rm /var/tmp/foo.crt
    rm /var/tmp/foo.key
    rm /var/tmp/foo.pfx

    greets

    Irre

  • Hi,

    in bash, add a "\" before ":"

    openssl pkcs12 -export -out /var/tmp/\:Common\:f5_sharepoint.pfx -inkey /config/filestore/files_d/Common_d/certificate_key_d/\:Common\:default.key_19145_1 -in /config/filestore/files_d/Common_d/certificate_d/\:Common\:default.crt_19145_1 
    
  • Here is my exact command and error:

     

    [xxx:Active:In Sync] root openssl pkcs12 -export -out /var/tmp/f5_pgpc_sharepoint.pfx -inkey /config/filestore/files_d/Common_d/certificate_key_d/:Common:f5_pgpc_sharepoint.key_203294_1 -in /config/filestore/files_d/Common_d/certificate_d/:Common:f5_pgpc_sharepoint.crt_203332_1 unable to load certificates [xxx:Active:In Sync] root

     

    • Stanislas_Piro2's avatar
      Stanislas_Piro2
      Icon for Cumulonimbus rankCumulonimbus
      copy files to /var/tmp dir and change names to remove : and try again with those files
    • Allanwynn_16283's avatar
      Allanwynn_16283
      Icon for Nimbostratus rankNimbostratus
      Hi I tried: openssl pkcs12 -export -out /var/tmp/f5_pgpc_sharepoint.pfx -inkey /var/tmp/f5_pgpc_sharepoint.key_203294_1 -in /var/tmp/f5_pgpc_sharepoint.crt_203332_1 But with same error.
  • Did you solve this? I have exactly the same problem, cannot convert to pkcs12 due to "unable to load certificates" error. The cert is working correctly on VS.