Convert .p12 and install in apache server

Rumi, October 18, 2013

If you have a PKCS#12 file (from IIS, for example) and you need to install the certificate on an OpenSSL-compatible product such as Apache, you will have to extract the content of the PKCS#12 file into several files.

First of all, create a global file (package):

    openssl pkcs12 -in yourpkcs12.pfx -out package.pem -nodes

The -nodes option writes the private key to package.pem unencrypted, so the package and every copy of it hold the key in clear text until you edit them.

Then duplicate that package file to get 3 different files:

    cp package.pem mykey.key
    cp package.pem mycert.cer
    cp package.pem mychain.txt

Edit each of those files in a text editor.

Warning: You need to use a text editor that can interpret OpenSSL-style end-of-lines (under Windows, use an editor compatible with UNIX line endings).

- in mykey.key, only keep the "PRIVATE KEY" block
- in mycert.cer, only keep the "BEGIN CERTIFICATE" block corresponding to your server certificate (you can identify it from the comment that appears just above the block)
- in mychain.txt, only keep the "BEGIN CERTIFICATE" block(s) other than your server certificate (again, identify them from the comment that appears just above each block)

Those 3 files are usable (even if you might need to convert them into a format compatible with your SSL server)!

Warning: If you create your pfx on Microsoft, do not activate the "enhanced security"!
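The hand-editing step can also be scripted. The following is an added example, not part of the original post: the function names split_package and sample_package are hypothetical, and it assumes the server certificate is the CERTIFICATE block whose bag attributes carry a localKeyID, which is the comment the post tells you to read.

```sh
#!/bin/sh
# Added example: split the package.pem written by `openssl pkcs12 -nodes`
# into mykey.key, mycert.cer and mychain.txt without hand editing.
# Assumption: the server certificate is the CERTIFICATE block whose bag
# attributes carry a localKeyID (the attribute that pairs it with the key).
split_package() (                 # usage: split_package package.pem outdir
    umask 077                     # key material: owner-only files
    mkdir -p "$2" || exit 1
    : > "$2/mykey.key"; : > "$2/mycert.cer"; : > "$2/mychain.txt"
    awk -v dir="$2" '
        { sub(/\r$/, "") }                          # tolerate CRLF line ends
        /^Bag Attributes/ { keyid = 0 }             # a new bag starts
        /localKeyID/      { keyid = 1 }
        /^-----BEGIN .*PRIVATE KEY-----$/ { dest = dir "/mykey.key" }
        /^-----BEGIN CERTIFICATE-----$/ {
            dest = dir (keyid ? "/mycert.cer" : "/mychain.txt")
        }
        dest != ""        { print >> dest }         # PEM block lines only
        /^-----END /      { dest = ""; keyid = 0 }
    ' "$1"
)

# Constructed sample in the layout openssl prints; the base64 is placeholder
# text, not real key or certificate material.
sample_package() {
    cat <<'EOF'
Bag Attributes
    localKeyID: 01 00 00 00
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
Q09OU1RSVUNURUQta2V5
-----END PRIVATE KEY-----
Bag Attributes
    localKeyID: 01 00 00 00
subject=CN = www.example.test
issuer=CN = Example Intermediate CA
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtc2VydmVy
-----END CERTIFICATE-----
Bag Attributes: <No Attributes>
subject=CN = Example Intermediate CA
issuer=CN = Example Root CA
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtaW50ZXJtZWRpYXRl
-----END CERTIFICATE-----
EOF
}
```

Run it as `split_package package.pem outdir`, then check that mycert.cer holds exactly one certificate before pointing Apache at the files.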