Certificate Formats

Most Certificate Authorities (CAs) issue certificates in PEM format. PEM certificates typically have extensions like .pem, .crt, .cer, and .key.

The PEM format uses the header and footer lines -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----.

Other certificate formats include the DER/Binary, P7B/PKCS#7, and PFX/PKCS#12 formats.

Converting Your Existing Certificate To PEM Format

If your certificate is not in PEM format, you can convert it to the PEM format using the following OpenSSL commands:

Convert DER to PEM

openssl x509 -inform der -in certificate.cer -out certificate.pem

Convert P7B to PEM

openssl pkcs7 -print_certs -in certificate.p7b -out certificate.pem

Convert PFX to PEM

openssl pkcs12 -in certificate.pfx -out certificate.pem -nodes

Removing Passphrase From Existing Private Key File

If you try to upload a passphrase-protected private key file, you will get a "key is invalid" error message. To fix this you will need to remove the passphrase from your private key file and upload the passphrase-free private key file to your appliance. You can remove the passphrase as follows:

1. Run openssl rsa -in example.key -out example.nocrypt.key

2. Enter your passphrase.