Zeus ZXTM: How to export .PFX SSL Certificate into .PEM Format

Posted: April 29th, 2009 under Tool, Tips and Tricks, Zeus ZXTM.

image

Zeus Knowledge hub has an article here but I thought I would elaborate a little for the benefit of the Windows Admin’s ;)

This assumes that you have a Windows machine on which to do the conversion.

1) Install OpenSSL

Windows binary here http://www.slproweb.com/products/Win32OpenSSL.html

2) Export Private Key from .PFX

Once you have installed openSSL

Do the following:

Copy your .PFX file to local file system on the windows machine you have installed OpenSSL on -

clip_image002

If you follow default install navigate to c:\openssl\bin\ and enter

openssl.exe pkcs12 -in <drive\path\name.pfx> -nodes -out drive\path\name.pem>

e.g. openssl.exe pkcs12 -in C:\cert\govuk.pfx -nodes -out c:\cert\PKgovuk.pem

clip_image004

Type the password for the PFX file

clip_image006

You should see a .pem file for the private key in your folder.

clip_image008

3) Export Certificate

Now repeat the process but this time use following syntax to export the certificate

openssl.exe pkcs12 -in C:\cert\govuk.pfx -nokeys -out c:\cert\Certgovuk.pem

clip_image010

You should see this:

clip_image012

and a new file

clip_image014

4) Import into ZXTM

Open admin console and navigate to catalogue \ SSL \ Server Certs

clip_image016

Select Import Certificate

clip_image018

Give your cert a name and populate the location of your cert and private key .pem files. Click “Import Certificate”

clip_image020

You should now see following.

clip_image022

It is more than likely that you will require an intermediary Certificate to complete the key chain.

5) Intermediary Certificate

If the Cert requires an Intermediary to complete the certificate chain do the following:

Download the appropriate certificate from the issuing Certificate Authority. In this example the CA is global sign

Cert is Here:

http://www.globalsign.com/support/intermediate/domainssl_intermediate.php

VeriSign here: http://www.verisign.com/support/install2/intermediate.html

And Thawte requires login here: http://www.thawte.com/roots/index.html

Download the intermediate certificate, this is usually via copying the cert from the web page and saving in a text file. Call the file intermediate.pem

Open the Imported SSL Cert and (scroll down) select install intermediate.

clip_image024

Populate the box with the location of the cert and then click upload.

clip_image026

You should see something similar to below

clip_image028

6) Finished

clip_image030

Test by navigating to the site and verify the certificate via the browser. The Certificate should be valid and display the complete key chain.

- FIN –

No Comments »

No comments yet.

RSS feed for comments on this post. TrackBack URL

Leave a comment