Converting Certificates and Keys to Required Formats
Windows Certificate Services generates TLS certificates and keys in PKCS#12 format. However, Java applications do not support PKCS#12 format, so the certificate and private key have to be converted to PKCS#8/PEM format. Furthermore, if you are installing TLS on the Linux platform, you must both convert to PKCS#8 and split the certificate and private key into separate files.
Certificates created in OpenSSL are already in PKCS#8/PEM format, and do not need to be converted for Linux-based applications.
If you are installing TLS on Java-based applications on a platform other than Linux, convert the certificate and private key file as follows:
Type the following command line using OpenSSL:
openssl pkcs12 -nodes -passin pass:<password> -in <pfx file> -out <pem file>
Where:
- <password> is the password that you set during the PKCS#12 file export session. This field can be empty.
- <pfx file> is the name of the certificate file in PKCS#12 format.
- <pem file> is the name of the output file in PKCS#8 format.
After the conversion, the <pem file> contains both the certificate and private key data.
If you are installing TLS on the Linux platform, convert the certificate and private key file into the proper format and into separate files as follows:
openssl x509 -in <path and name of certificate file>.pem -outform PEM -out cert.pem
openssl pkcs8 -topk8 -nocrypt -in <path and name of certificate file>.pem -out key.pem
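The Linux procedure above as a script, added here as an example and not part of the original documentation. It also checks that the extracted key belongs to the extracted certificate. The function names, the PFX_PASS variable, the use of -passin env: in place of pass:, the umask and the sample certificate are assumptions of this example.

```shell
#!/bin/sh
# Added example. Function names, file names and PFX_PASS are assumptions.

# make_sample_pfx <dir> <password>: constructed input, a throwaway self-signed
# certificate and key exported to PKCS#12.
make_sample_pfx() {
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=example.test" -days 1 \
        -keyout "$1/src.key" -out "$1/src.crt" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/src.key" -in "$1/src.crt" \
        -passout "pass:$2" -out "$1/sample.pfx"
}

# split_pfx <pfx file> <password> <out dir>: writes cert.pem and key.pem.
# Runs in a subshell so the umask and the exported password do not leak out.
split_pfx() (
    umask 077                       # -nodes / -nocrypt write the key unencrypted
    PFX_PASS=$2; export PFX_PASS    # env: keeps the password off the command line
    openssl pkcs12 -nodes -passin env:PFX_PASS -in "$1" -out "$3/bundle.pem" &&
    openssl x509 -in "$3/bundle.pem" -outform PEM -out "$3/cert.pem" &&
    openssl pkcs8 -topk8 -nocrypt -in "$3/bundle.pem" -out "$3/key.pem"
    rc=$?
    rm -f "$3/bundle.pem"           # do not leave the combined file behind
    exit "$rc"
)

# pair_matches <cert.pem> <key.pem>: true only when the certificate's public key
# equals the public key derived from the private key.
pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}
```

Call split_pfx with the exported file, its password and an existing output directory, then run pair_matches on cert.pem and key.pem before installing them.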