
RyanCn_141841
Aug 25, 2015

Error when importing SSL certificate into LTM

Greetings all

 

Having an issue with an SSL certificate which I'm trying to import into the BIG-IP LTM 2000S. The error appears as stated below:

 

01070712:3: Caught configuration exception (0), unable to validate certificate, invalid x509 file (/Common/WBCert.crt). - sys/validation/FileObject.cpp, line 5654.

 

Any help is greatly appreciated.

 

5 Replies

  • I suppose the first question is, is it a valid x509 certificate? Can you open it with OpenSSL?

    openssl x509 -noout -text -in WBCert.crt
    
  • Hi Kevin, same problem here. As per your suggestion, how will I check from openssl? OpenSSL will only happen if certificate is already there in system....? Correct me if wrong.

     

  • This may be too obvious, but I did want to share that I had this same error once when I inadvertently tried to import the CSR file instead of the CER file...
  • Hi B_Stephen,

    If your intention is how to use openssl for the same task from LTM, you can use the open source FileZilla SFTP client (you need to download that) or any other SFTP client, connect to LTM (root@ltm_mgmt_ip_addr), and store the file in, e.g., /var/tmp.

    Then from LTM, you can use openssl command to view it.

    e.g. I have a cert in PEM format called "abc-client2-cert.pem".

    [root@mks116:Active:Standalone] tmp # openssl x509 -in /var/tmp/abc-client2-cert.pem -text -noout
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number: 6 (0x6)
        Signature Algorithm: sha256WithRSAEncryption
            Issuer: CN=MKS-CA2, C=SG/emailAddress=mksaravtest@gmail.com
            Validity
                Not Before: Apr  1 16:38:39 2016 GMT
                Not After : Apr  1 16:38:39 2017 GMT
            Subject: CN=abc-client2, C=SG/emailAddress=mksaravtest@gmail.com
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                    Public-Key: (2048 bit)
                    Modulus:
                        00:ad:d2:da:b5:fa:fc:32:e1:5e:bf:cb:a7:c4:d9:
                        c3:80:71:b6:4b:09:03:d2:41:b1:e3:b9:eb:9d:c5:
                        92:95:5e:3b:67:1f:1b:7d:14:7f:37:85:5d:4a:d1:
                        3c:6d:ef:87:3f:81:96:46:8f:57:ab:a3:6a:81:8a:
                        47:0e:aa:16:ba:b2:93:8e:17:85:c6:3f:1a:61:7b:
                        2c:ea:a1:d8:8a:40:46:9d:bd:70:ff:62:78:67:5c:
                        fd:a7:fe:3e:e3:dd:3f:2f:5a:e7:c4:1a:05:2f:f7:
                        79:6a:75:91:ff:3c:d2:a7:d9:cd:e7:76:fb:35:22:
                        19:f9:7a:9d:ea:b3:b2:c2:e9:d4:95:97:c3:69:84:
                        eb:21:f6:dc:53:19:ab:a1:d7:db:37:6c:03:81:99:
                        1e:9c:b5:15:b5:20:2b:3c:cf:19:51:8a:88:be:9a:
                        f3:b9:97:e7:6c:85:ef:95:cf:a5:4b:c9:b0:83:91:
                        07:53:40:7e:22:a1:f4:31:89:22:09:b4:87:c9:1e:
                        b9:40:11:86:36:5a:69:11:71:c5:3d:99:a6:0e:34:
                        02:d6:a1:a6:b5:aa:9b:81:5b:4d:a9:28:64:e5:c4:
                        60:df:32:e8:52:a5:2a:c7:d1:e8:88:37:df:1e:8d:
                        91:36:f4:0f:35:01:83:ee:af:e1:b3:22:56:5e:37:
                        3f:3b
                    Exponent: 65537 (0x10001)
            X509v3 extensions:
                X509v3 Key Usage: critical
                    Digital Signature
                X509v3 Extended Key Usage: critical
                    TLS Web Client Authentication
        Signature Algorithm: sha256WithRSAEncryption
             15:c0:75:69:00:58:7d:bb:b8:3b:35:b1:d8:26:29:9b:ae:df:
             f9:8f:ad:cf:27:8c:1f:0e:bb:29:0f:c4:7a:c0:8b:4f:b6:b4:
             a6:ea:64:74:89:4c:de:9e:3e:56:ea:a3:2f:7c:b0:3b:b2:4f:
             4b:e0:51:6c:25:92:01:a1:fc:a3:73:22:88:7b:7e:ca:f9:f3:
             ff:d4:16:91:eb:ad:a8:d9:e2:93:25:69:15:58:28:8a:0b:6c:
             ab:8e:11:3a:b2:7c:47:aa:55:56:83:14:cc:61:03:61:c8:43:
             81:6b:14:59:46:9e:8d:3f:e3:93:24:45:5d:48:7f:a9:03:1c:
             43:e4:4c:3b:d0:e2:82:d2:02:41:33:bf:c6:f9:13:92:3f:15:
             9b:58:cb:2a:13:8b:04:dd:a1:e3:02:72:b7:3e:e0:dc:42:ba:
             c4:cb:2f:a9:e7:53:c3:bc:7a:dd:42:6d:2b:7d:48:69:99:22:
             63:d5:f6:8c:62:f0:bd:40:6b:d1:3d:02:e9:79:7d:e1:d9:51:
             a6:c8:af:c1:31:cd:4b:87:f2:2a:ef:8d:b6:b5:5b:42:c6:54:
             24:f6:8d:66:45:44:cf:b1:91:1a:30:40:29:8c:10:03:37:f5:
             62:80:bc:ab:99:4e:8a:42:c9:5a:02:70:c0:f8:57:70:04:c7:
             92:34:fe:a7
    

    If your cert is in DER format, then use:

    openssl x509 -inform DER -in ./abc-client2-cert.der -text -noout
    

    Alternatively, you can install Cygwin on Windows (to get a Unix-like environment) and install openssl in it. Then you can do all openssl stuff from Windows itself.
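
A pre-import check that combines the suggestions in this thread, as an added example that is not from any of the posters or from F5: it reads the PEM header to catch a CSR or private key picked up by mistake, then lets openssl parse the file as PEM or as DER. The function name, script name and output words are assumptions made for this example.

```shell
#!/bin/sh
# classify_cert_file FILE  (hypothetical helper, added for illustration)
# Prints pem-cert, der-cert, csr, private-key, other-pem or invalid.
# Returns 0 only when openssl can parse FILE as an X.509 certificate.
classify_cert_file() {
    f=$1
    [ -r "$f" ] || { echo "unreadable"; return 2; }

    # First PEM header label, e.g. "CERTIFICATE" or "CERTIFICATE REQUEST".
    # [[:space:]]* tolerates the trailing CR of files saved on Windows.
    label=$(LC_ALL=C sed -n \
        's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$f" | head -n 1)

    case "$label" in
        CERTIFICATE)
            # Same check as suggested in the thread, without the text dump.
            if openssl x509 -in "$f" -noout >/dev/null 2>&1; then
                echo "pem-cert"; return 0
            fi
            echo "invalid"; return 1 ;;
        "CERTIFICATE REQUEST"|"NEW CERTIFICATE REQUEST")
            # The CSR-instead-of-certificate mistake described above.
            echo "csr"; return 1 ;;
        *"PRIVATE KEY")
            echo "private-key"; return 1 ;;
        "")
            # No PEM header: the file may be binary DER.
            if openssl x509 -inform DER -in "$f" -noout >/dev/null 2>&1; then
                echo "der-cert"; return 0
            fi
            echo "invalid"; return 1 ;;
        *)
            # PKCS7 bundle, CRL, etc.: PEM, but not a single certificate.
            echo "other-pem"; return 1 ;;
    esac
}

# Usage: sh check_cert.sh WBCert.crt
if [ "$#" -gt 0 ]; then
    classify_cert_file "$1"
fi
```

A result of `csr`, `private-key` or `other-pem` means the file is well-formed PEM but is not the certificate the import expects; `invalid` means openssl could not parse it in either encoding.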