Devo importare un certificato in un controllo Cisco Ironport per Web SSL. L'unico formato di input supportato è PEM.
Sulla base della mia ricerca il formato PEM supporta tutti i certificati nella catena, tuttavia non sono sicuro di come convertire un DER / CER / P7b in PEM che includa la catena.
Ho usato i seguenti comandi OpenSSL per fare la conversione, tuttavia non sembra che stia ottenendo l'intera catena. Mi manca un interruttore?
Extracting the Public key (certificate)
You will need access to a computer running OpenSSL. Copy your PFX file over to this computer and run the following command:
openssl pkcs12 -in <filename.pfx> -clcerts -nokeys -out certificate.cer
This creates the public key file named "certificate.cer" Note: These instructions have been verified using OpenSSL on Linux. Some syntax may vary on the Win32 version.
Extracting and decrypting the Private key
The WSA requires that the private key be unencrypted. Use the following OpenSSL commands:
openssl pkcs12 -in <filename.pfx> -nocerts -out privatekey-encrypted.key
You will be prompted for "Enter Import Password". This is the password created in step 11 above. You will also be prompted for "Enter PEM pass phrase". The is the encryption password (used below).
This will create the encrypted private key file named "privatekey-encrypted.key"
To create a decrypted version of this key, use the following command:
openssl rsa -in privatekey-encrypted.key -out private.key