Converting .crt to .pfx

Question

Hi I am trying to convert .crt which is loaded to f5 to .pfx, i tried this commmand:&nbsp;
openssl pkcs12 -export -out /var/tmp/:Common:f5_sharepoint.pfx -inkey /config/filestore/files_d/Common_d/certificate_key_d/:Common:f5_pgpc_sharepoint.key_203294_1 -in /config/filestore/files_d/Common_d/certificate_d/:Common:f5_pgpc_sharepoint.crt_203332_1&nbsp;
but i encounter "unable to load certificates" what is my error? thank you!&nbsp;

irre_levant · Accepted Answer

Late answer but its still not&nbsp;now documented correctly i think (https://support.f5.com/csp/article/K31936122).(edit&nbsp;LiefZimmerman&nbsp;to clarify the KB article was updated)
The problem is that the certificate files are stored as DER format and have to be converted to PEM format first while the key files already are in PEM format:
copy files:
cp /config/filestore/files_d/Common_d/certificate_d/:foo_1: /var/tmp/foo.der
cp /config/filestore/files_d/Common_d/certificate_key_d/:foo_2: /var/tmp/foo.key
check if DER:
openssl x509 -in /var/tmp/foo.der -inform DER -text
&nbsp;if DER, convert to pem:
openssl x509 -inform DER -outform PEM -text -in /var/tmp/foo.der -out /var/tmp/foo.crt
create pfx:
openssl pkcs12 -export -out /var/tmp/foo.pfx -inkey /var/tmp/foo.key -in /var/tmp/foo.crt
remove files after exported pfx to another machine:
rm /var/tmp/foo.der
rm /var/tmp/foo.crt
rm /var/tmp/foo.key
rm /var/tmp/foo.pfx
greets
Irre

stanislas_piro2 · Answer

Hi,
in bash, add a "\" before ":"
openssl pkcs12 -export -out /var/tmp/\:Common\:f5_sharepoint.pfx -inkey /config/filestore/files_d/Common_d/certificate_key_d/\:Common\:default.key_19145_1 -in /config/filestore/files_d/Common_d/certificate_d/\:Common\:default.crt_19145_1

allanwynn_16283 · Answer

Here is my exact command and error:&nbsp;
[xxx:Active:In Sync] root  openssl pkcs12 -export -out /var/tmp/f5_pgpc_sharepoint.pfx -inkey /config/filestore/files_d/Common_d/certificate_key_d/:Common:f5_pgpc_sharepoint.key_203294_1 -in /config/filestore/files_d/Common_d/certificate_d/:Common:f5_pgpc_sharepoint.crt_203332_1
unable to load certificates
[xxx:Active:In Sync] root  &nbsp;

stanislas_piro2 · Answer

copy files to /var/tmp dir and change names to remove : and try again with those files

allanwynn_16283 · Answer

Hi I tried:

openssl pkcs12 -export -out /var/tmp/f5_pgpc_sharepoint.pfx -inkey /var/tmp/f5_pgpc_sharepoint.key_203294_1 -in /var/tmp/f5_pgpc_sharepoint.crt_203332_1

But with same error.

jakubo_320000 · Answer

Did you solve this? I have exactly the same problem, cannot convert to pkcs12 due to "unable to load certificates" error. The cert is working correctly on VS.&nbsp;

Forum Discussion

Converting .crt to .pfx

8 Replies

Recent Discussions

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

Import certificate as pfx format

Converting TCL-Based iRules to Distributed Cloud Service Policies and L7 Routes

Alteon Config Converter

Unbreaking the Internet and Converting Protocols

Convert curl command to BIG-IP Monitor Send String