Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Converting .crt to .pfx

Go to solution
Allanwynn_16283
Nimbostratus
Nimbostratus

‎06-Oct-2015 22:54

Hi I am trying to convert .crt which is loaded to f5 to .pfx, i tried this commmand:

 

openssl pkcs12 -export -out /var/tmp/:Common:f5_sharepoint.pfx -inkey /config/filestore/files_d/Common_d/certificate_key_d/:Common:f5_pgpc_sharepoint.key_203294_1 -in /config/filestore/files_d/Common_d/certificate_d/:Common:f5_pgpc_sharepoint.crt_203332_1

 

but i encounter "unable to load certificates" what is my error? thank you!

 

Labels:
0 Kudos
1 ACCEPTED SOLUTION

Go to solution
Irre_Levant
Altocumulus
Altocumulus

‎05-Oct-2022 02:15 - last edited on ‎07-Feb-2023 03:41 by Community Manager

Late answer but its still not now documented correctly i think (https://support.f5.com/csp/article/K31936122).
(edit @LiefZimmerman to clarify the KB article was updated)

The problem is that the certificate files are stored as DER format and have to be converted to PEM format first while the key files already are in PEM format:

copy files:

cp /config/filestore/files_d/Common_d/certificate_d/:foo_1: /var/tmp/foo.der
cp /config/filestore/files_d/Common_d/certificate_key_d/:foo_2: /var/tmp/foo.key

check if DER:

openssl x509 -in /var/tmp/foo.der -inform DER -text

 if DER, convert to pem:

openssl x509 -inform DER -outform PEM -text -in /var/tmp/foo.der -out /var/tmp/foo.crt

create pfx:

openssl pkcs12 -export -out /var/tmp/foo.pfx -inkey /var/tmp/foo.key -in /var/tmp/foo.crt

remove files after exported pfx to another machine:

rm /var/tmp/foo.der
rm /var/tmp/foo.crt
rm /var/tmp/foo.key
rm /var/tmp/foo.pfx

greets

Irre

greets
Irre

View solution in original post

8 REPLIES 8

Go to solution
Stanislas_Piro2
Cumulonimbus
Cumulonimbus

‎06-Oct-2015 23:47 - last edited on ‎02-Jun-2023 16:05 by Fog

Hi,

in bash, add a "\" before ":"

openssl pkcs12 -export -out /var/tmp/\:Common\:f5_sharepoint.pfx -inkey /config/filestore/files_d/Common_d/certificate_key_d/\:Common\:default.key_19145_1 -in /config/filestore/files_d/Common_d/certificate_d/\:Common\:default.crt_19145_1
0 Kudos

Go to solution
Allanwynn_16283
Nimbostratus
Nimbostratus

‎07-Oct-2015 00:19

Here is my exact command and error:

 

[xxx:Active:In Sync] root openssl pkcs12 -export -out /var/tmp/f5_pgpc_sharepoint.pfx -inkey /config/filestore/files_d/Common_d/certificate_key_d/:Common:f5_pgpc_sharepoint.key_203294_1 -in /config/filestore/files_d/Common_d/certificate_d/:Common:f5_pgpc_sharepoint.crt_203332_1 unable to load certificates [xxx:Active:In Sync] root

 

0 Kudos

Go to solution
Stanislas_Piro2
Cumulonimbus
Cumulonimbus
In response to Allanwynn_16283

‎07-Oct-2015 00:37

copy files to /var/tmp dir and change names to remove : and try again with those files
0 Kudos

Go to solution
Allanwynn_16283
Nimbostratus
Nimbostratus
In response to Allanwynn_16283

‎07-Oct-2015 00:55

Hi I tried: openssl pkcs12 -export -out /var/tmp/f5_pgpc_sharepoint.pfx -inkey /var/tmp/f5_pgpc_sharepoint.key_203294_1 -in /var/tmp/f5_pgpc_sharepoint.crt_203332_1 But with same error.
0 Kudos

Go to solution
jakubo_320000
Nimbostratus
Nimbostratus

‎17-Dec-2018 23:29

Did you solve this? I have exactly the same problem, cannot convert to pkcs12 due to "unable to load certificates" error. The cert is working correctly on VS.

 

0 Kudos

Go to solution
Irre_Levant
Altocumulus
Altocumulus

‎05-Oct-2022 02:15 - last edited on ‎07-Feb-2023 03:41 by Community Manager

Late answer but its still not now documented correctly i think (https://support.f5.com/csp/article/K31936122).
(edit @LiefZimmerman to clarify the KB article was updated)

The problem is that the certificate files are stored as DER format and have to be converted to PEM format first while the key files already are in PEM format:

copy files:

cp /config/filestore/files_d/Common_d/certificate_d/:foo_1: /var/tmp/foo.der
cp /config/filestore/files_d/Common_d/certificate_key_d/:foo_2: /var/tmp/foo.key

check if DER:

openssl x509 -in /var/tmp/foo.der -inform DER -text

 if DER, convert to pem:

openssl x509 -inform DER -outform PEM -text -in /var/tmp/foo.der -out /var/tmp/foo.crt

create pfx:

openssl pkcs12 -export -out /var/tmp/foo.pfx -inkey /var/tmp/foo.key -in /var/tmp/foo.crt

remove files after exported pfx to another machine:

rm /var/tmp/foo.der
rm /var/tmp/foo.crt
rm /var/tmp/foo.key
rm /var/tmp/foo.pfx

greets

Irre

greets
Irre

Go to solution
LiefZimmerman
Community Manager
Community Manager

‎10-Oct-2022 15:11

@Irre_Levant - are you saying that the KB article linked here: https://support.f5.com/csp/article/K31936122 is not documented correctly? If so - I'll forward this to our Knowledge team for a look.

Thanks,

0 Kudos

Go to solution
Irre_Levant
Altocumulus
Altocumulus
In response to LiefZimmerman

‎12-Jan-2023 05:58

yes, its now added to the KB article, thanks.

greets
Irre
0 Kudos
Copyright © 2023 Khoros, LLC