Forum Discussion
NimbostratusImporting Cert from Brocade ADX
Dev,
I have a situation that I'm unsure what's going on, wanted to get some clarification. I currently have a Brocade ADX hosting a website doing SSL termination at the ADX. The plan is to migrate the cert from the ADX to the Big IP(6900 running 11.2) and use the current cert. I've not done this before, and I'm running into issues. I'm trying to import the key, and I'm able to get the key in with no issues. When I import the certificate, it comes in as a bundled cert, with the InCommon cert included in the certificate I download from the ADX. When I build the profile, it gives me an error saying the key doesn't match the cert, and won't let me continue forward. Any ideas, or how to move forward? My go live is the 25th so any help is greatly appreciated. I've also opened a support case, so maybe I can get some assistance there as well. Thanks in advance!
5 Replies
- Kevin_Stewart
Employee
If both of these (key and cert) are in Base64 PEM format, open up the cert file in a text editor and strip out everything but the one certificate. Otherwise you'll need to convert to PEM format and do the same. 
wixxyl_98682How can I tell if these are in PEM, and how can I tell which one is the correct cert? Sorry, I know this is kind of a newbie question, but I am still very new at SSL...- nitassHow can I tell if these are in PEM, and how can I tell which one is the correct cert?
SSL Converter (PEM Format topic)
https://www.sslshopper.com/ssl-converter.html
Certificate Decoder
http://www.sslshopper.com/certificate-decoder.html
hope this helps. - Kevin_StewartThe fact that you had the private key separately probably means that the multiple certificates are either in PEM (base64) or DER (binary) format. Open it up in a text editor, or 'cat' it from the command line. If you see a bunch of characters that start and end with "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----", then it's in PEM format. If there are multiple certs in the file then you'll see them clearly delimited by these "headers". You'll need to open the file in a text editor or vi and separate them into individual files. Now that you have separate certificates, you can generally open them up in Windows with the CryptoAPI utility, or from the Linux shell with OpenSSL to see what they are:
openssl x509 -in [path to cert] -noout -subject - Kevin_StewartAlmost forgot. If you open the certificate in a text editor and you see a bunch of non-text gobbledeegook, then it's probably in DER format. Here's how to convert it to PEM with OpenSSL:
openssl x509 -in [path to cert] -inform DER -outform PEM -out [path to new file]
You can also do this to verify if it's in DER format:
openssl x509 -in [path to cert] -inform DER -noout -subject
