Information regarding certificates
Using a certificate signed by a Certificate Authority
Please follow instructions from CA on how to install your certificate to your server if you have not already done so.
After making sure a valid certificate is installed, the user needs to export the certificate in PKCS12 format and afterwards, convert it to the PEM format, using a tool such as openssl.
Instructions for exporting an existing certificate
- Open "mmc" in windows Run
- Select File → Add/Remove Snap-ins
- Add Certificates → Choose Computer Account → Click next → Click F inish → Click OK
- Navigate to whichever folder the certificate is installed in.
- Right click the certificate and select All Tasks → Export in order to launch the Certificate Export Wizard.
- When asked, choose to export the private key with the certificate.
**
**
- Choose to save the certificate and private key in the PKCS12 (.pfx) format.
- You can opt to protect the private key via selecting security principal or by password. We will opt for password in this guide.
- Enter a certificate name then click Next and Finish.
Converting a PKCS12 certificate to PEM
- (Optional) Install openssl command line utility
- Open a Command Prompt and type the following command (replacing the certificate names and password):
Import Password is the password used to encrypt the PKCS12 private key. PEM pass phrase is the password used to encrypt the key in the resulting PEM format.
The entered passphrase must be saved in a file as plain text, to be used when configuring TLS/SSL. If the user wishes no passphrase for the private key then the -nodes argument must also be passed.
openssl pkcs12 -in testcert.pfx -out testcert.pem -nodes
Enter Import Password:
Generating a self-signed certificate with openssl
- Open a Command Prompt and type the following command (replacing the inputs with valid local paths):
Note: The entries starting from "Country Name" can be left empty.