I use the DigiCert utility to generate and complete all my SSL certificate requests. Since upon import these certificates get automatically added to the Windows keystore, and our certificate provider doesn’t provide a good way to get a PEM certificate for Linux-based appliances.
I always seem to forget how to do this and finally I am just going to post this here since I can more easily remember where to find these instructions. Shoutout to UW IT for originally posting these instructions!
- Export the file from your Windows certificate store. Make sure the private keys are exportable if need be.
- Run the following command to export the private key:
openssl pkcs12 -in certname.pfx -nocerts -out key.pem -nodes
- Run the following command to export the certificate:
openssl pkcs12 -in certname.pfx -nokeys -out cert.pem
- Run the following command to remove the passphrase from the private key:
openssl rsa -in key.pem -out server.key