问题描述:

I have cert.pfx file, I need to install to be used in Amazon Elastic Load Balancer.

How can I do it?

网友答案:

you can easily convert the format of the certificate using the OpenSSL suite.

The process is very easy and a good guide is here: http://www.petefreitag.com/item/16.cfm.

About the different steps (taken from the link I reported above):

Export the private key file from the pfx file

openssl pkcs12 -in filename.pfx -nocerts -out key.pem

Export the certificate file from the pfx file

openssl pkcs12 -in filename.pfx -clcerts -nokeys -out cert.pem

This removes the passphrase from the private key so Apache won't

prompt you for your passphase when it starts

openssl rsa -in key.pem -out server.key

Now, if you have a linux distro, it is straight forward to install openSSL (yum install openssl on an rpm based distro).

If you don't have a linux distro installed, then the quickest would be to go for a live distribution (I personally love fedora https://getfedora.org/)

I hope this helps

网友答案:
  1. Extract private key without password. First commant will request password and require password. Don't use empty, it does not work. Second command asks for password created for 1st command.

openssl pkcs12 -in cert.pfx -nocerts -out key.pem openssl rsa -in key.pem -out server.key

  1. Extract certificate:

openssl pkcs12 -in cert.pfx -clcerts -nokeys -out cert.pem

  1. Extract certificate chain:

openssl pkcs12 -in cert.pfx -nodes -nokeys -out chain.pem

  1. Certificate chain contains several items. You may need to remove item that refers to your certificate, it's on top and it's not needed. Give a try with/without removing top item. After that the other items should be placed in reverse order.

  2. server.key is private key in ELB, cert.pem is certificate in ELB, output #4 is certificate chain.

Good luck!

相关阅读:
Top