How Do I Convert My SSL Certificate File To PEM Format?

Most Certificate Authorities (CAs) issue certificates in PEM format. PEM certificates typically have extensions like .pem, .crt, .cer, and .key.

The PEM format uses the header and footer lines -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----.

Other certificate formats include the DER/Binary, P7B/PKCS#7, and PFX/PKCS#12 formats. The AeroFS Appliance requires a certificate in PEM format in step 9 of the appliance setup. This certificate will be used to ensure secure transactions between your appliance and users' web browsers.

Converting Your Existing Certificate To PEM Format

If your certificate is not in PEM format, you can convert it to the PEM format using the following OpenSSL commands:

Convert DER to PEM

openssl x509 -inform der -in certificate.cer -out certificate.pem

Convert P7B to PEM

openssl pkcs7 -print_certs -in certificate.p7b -out certificate.pem

Convert PFX to PEM

openssl pkcs12 -in certificate.pfx -out certificate.pem -nodes

Alternatively, you can use this SSL converter tool.

Removing Passphrase From Existing Private Key File

If you try to upload a passphrase-protected private key file, you will get a "key is invalid" error message. To fix this you will need to remove the passphrase from your private key file and upload the passphrase-free private key file to your appliance. You can remove the passphrase as follows:

1. Run openssl rsa -in example.key -out example.nocrypt.key

2. Enter your passphrase.

Powered by Zendesk