Forum Discussion

Nimbostratus

Oct 07, 2015

Solved

Converting .crt to .pfx

Hi I am trying to convert .crt which is loaded to f5 to .pfx, i tried this commmand: openssl pkcs12 -export -out /var/tmp/:Common:f5_sharepoint.pfx -inkey /config/filestore/files_d/Common_d/cert...

Irre_Levant
Oct 05, 2022
Late answer but its ~~still not~~ now documented correctly i think (https://support.f5.com/csp/article/K31936122).
(edit LiefZimmerman to clarify the KB article was updated)

The problem is that the certificate files are stored as DER format and have to be converted to PEM format first while the key files already are in PEM format:

copy files:

cp /config/filestore/files_d/Common_d/certificate_d/:foo_1: /var/tmp/foo.der cp /config/filestore/files_d/Common_d/certificate_key_d/:foo_2: /var/tmp/foo.key

check if DER:

openssl x509 -in /var/tmp/foo.der -inform DER -text

if DER, convert to pem:

openssl x509 -inform DER -outform PEM -text -in /var/tmp/foo.der -out /var/tmp/foo.crt

create pfx:

openssl pkcs12 -export -out /var/tmp/foo.pfx -inkey /var/tmp/foo.key -in /var/tmp/foo.crt

remove files after exported pfx to another machine:

rm /var/tmp/foo.der rm /var/tmp/foo.crt rm /var/tmp/foo.key rm /var/tmp/foo.pfx

greets

Irre

Allanwynn_16283

Nimbostratus

Oct 07, 2015

Here is my exact command and error:

[xxx:Active:In Sync] root openssl pkcs12 -export -out /var/tmp/f5_pgpc_sharepoint.pfx -inkey /config/filestore/files_d/Common_d/certificate_key_d/:Common:f5_pgpc_sharepoint.key_203294_1 -in /config/filestore/files_d/Common_d/certificate_d/:Common:f5_pgpc_sharepoint.crt_203332_1 unable to load certificates [xxx:Active:In Sync] root

Stanislas_Piro2
Cumulonimbus
Oct 07, 2015
copy files to /var/tmp dir and change names to remove : and try again with those files
Allanwynn_16283
Nimbostratus
Oct 07, 2015
Hi I tried: openssl pkcs12 -export -out /var/tmp/f5_pgpc_sharepoint.pfx -inkey /var/tmp/f5_pgpc_sharepoint.key_203294_1 -in /var/tmp/f5_pgpc_sharepoint.crt_203332_1 But with same error.