For information about downloading OpenSSL for Windows, see the SourceForge Web site at
http://sourceforge.net/project/showfiles.php?group_id=23617&release_id=48801.
Converting to a PEM-Formatted Certificate
The signed certificate file that you receive from the Certificate Authority might not be in a PEM format. If
the file is in binary format (DER), convert it to PEM format as follows:
openssl x509 -in certFile -inform DER -outform PEM -out convertedCertFile
If the certificate is already in a text format, it may be in PKCS7 format. You will receive a PKCS7-formatted
certificate if you specified that the certificate will be used with a Microsoft rather than an Apache operating
system. The following command results in an error message if the certificate is not in PEM format. The
certFile should not contain the private key when you run this command.
openssl verify -verbose -CApath /tmp certFile
If that command results in the following error message, the file is not in PEM format.
certFile: unable to load certificate file
4840:error:0906D064:PEM routines:PEM_read_bio:bad base64 decode:pem_lib.c:781:
To convert the certificate from PKCS7 to PEM format
1 Run the command:
openssl pkcs7 -in ./certFile -print_certs
The output will look like this:
subject=...
...
-----BEGIN CERTIFICATE-----
... Server Certificate ...
-----END CERTIFICATE-----
subject=...
...
-----BEGIN CERTIFICATE-----
... Intermediate Cert ...
-----END CERTIFICATE-----
2 Combine the server certificate data and the intermediate certificate data (if it exists) from the
output with the private key as specified in “Combining the Private Key with the Signed Certificate”
on page 155 and “Generating Trusted Certificates for Multiple Levels” on page 156.
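The format check and both conversions described above, gathered into one script as an added example that is not part of the original guide. The function names are hypothetical, and the script assumes OpenSSL's standard PEM labels and recognises DER by its leading 0x30 byte.

```sh
#!/bin/sh
# Added example, not from the original guide. Function names are hypothetical.

# True if the file carries a PEM private key; the guide says certFile should
# not contain one when it is checked with `openssl verify`.
has_private_key() {
    grep -q -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' "$1"
}

# Print pem, pkcs7, der or unknown. Assumes OpenSSL's PEM labels; DER is
# recognised by its leading ASN.1 SEQUENCE tag (0x30).
cert_format() {
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$1"; then
        echo pem
    elif grep -q -e '-----BEGIN PKCS7-----' "$1"; then
        echo pkcs7
    elif [ "$(od -An -tx1 -N1 "$1" | tr -d ' \n')" = 30 ]; then
        echo der
    else
        echo unknown
    fi
}

# Keep only the certificate blocks from `openssl pkcs7 -print_certs` output,
# dropping the subject=/issuer= lines printed between them.
pem_blocks() {
    sed -n '/^-----BEGIN CERTIFICATE-----$/,/^-----END CERTIFICATE-----$/p'
}

# usage: to_pem certFile > convertedCertFile
to_pem() {
    if has_private_key "$1"; then
        echo "$1 contains a private key; pass the certificate only" >&2
        return 1
    fi
    case "$(cert_format "$1")" in
        pem)   cat "$1" ;;
        pkcs7) openssl pkcs7 -in "$1" -print_certs | pem_blocks ;;
        der)   openssl x509 -in "$1" -inform DER -outform PEM ;;
        *)     echo "$1: unrecognised certificate format" >&2; return 1 ;;
    esac
}

# Run only when a file name is given on the command line.
if [ "$#" -gt 0 ]; then
    to_pem "$1"
fi
```

The PKCS7 branch writes the server certificate first and any intermediate certificate after it, in the order `-print_certs` emits them.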
Combining the Private Key with the Signed Certificate
You must combine the signed certificate with the private key before you can upload it to the Firebox SSL
VPN Gateway.