Certificate Manager currently supports only PEM-format certificate files.
The following certificate file format is available for Certificate Manager.
The filename extension is .pem.
Each file includes certificate (chain) information and private key information.
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
You can create PEM files as follows:
1. Convert certificate information into PEM.
2. Create a single PEM file which includes the certificate chain and a private key.
Use keytool to convert the certificate into the .p12 or .pks format.
If it is of the .p12 or .pks type, execute the commands as follows and convert it into .pem.
The first command extracts the certificates; the second extracts the private key, unencrypted (-nodes), into a separate file.
openssl pkcs12 -in my_certificate_input_file.pfx -nokeys -out my_cert_converting_result_file.pem
openssl pkcs12 -in my_certificate_input_file.pfx -nodes -nocerts -out my_key_not_rsa_input_file.pem
If a private key is not in the RSA format, encode it into an RSA private key format.
To convert a private key into an RSA private key, execute the following command:
openssl rsa -in my_key_not_rsa_input_file.pem -check -out my_key_rsa_converting_result_file.pem
> writing RSA key
> Enter PEM pass phrase: (enter passphrase encoded with RSA private key)
> Verifying - Enter PEM pass phrase:
Combine the PEM files of the certificate and the private key to create a single PEM file.
cat my_cert_converting_result_file.pem my_key_rsa_converting_result_file.pem > final_result_pem_file.pem
The newly created PEM file ("final_result_pem_file.pem" in the above example) has the following format.
-----BEGIN CERTIFICATE-----
.... (your primary SSL certificate)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
.... (the intermediate CA certificate)
.... (unavailable if certificate chain information does not exist.)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
.... (the trusted root certificate)
.... (unavailable if certificate chain information does not exist.)
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
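Before uploading, the combined file can be checked against the layout above. The following is an added example, not part of the original page or a Certificate Manager tool: check_pem_layout is a hypothetical helper name, and the sample file it runs on is constructed with placeholder bodies instead of real key material.

```shell
#!/bin/sh
# Added example: verify that a combined PEM file has certificate blocks first,
# then exactly one RSA PRIVATE KEY block, with every BEGIN matched by its END.
# check_pem_layout is a hypothetical helper name (assumption, not a product tool).
check_pem_layout() {
    awk '
        { sub(/\r$/, "") }    # tolerate CRLF line endings
        /^-----BEGIN .*-----$/ {
            label = substr($0, 12, length($0) - 16)
            if (cur != "") { err = "BEGIN " label " inside " cur; exit }
            cur = label
            if (cur == "CERTIFICATE") {
                if (keys) { err = "certificate found after the private key"; exit }
                certs++
            } else if (cur == "RSA PRIVATE KEY") {
                keys++
            } else if (cur ~ /PRIVATE KEY$/) {
                err = "key is not in RSA PRIVATE KEY format: " cur; exit
            } else { err = "unexpected block: " cur; exit }
            next
        }
        /^-----END .*-----$/ {
            label = substr($0, 10, length($0) - 14)
            if (label != cur) { err = "END " label " does not close " cur; exit }
            cur = ""
        }
        END {
            if (err == "" && cur != "") err = "unterminated block: " cur
            if (err == "" && certs < 1) err = "no certificate block"
            if (err == "" && keys != 1) err = "expected 1 RSA private key, found " (keys + 0)
            if (err != "") { print "invalid: " err; exit 1 }
            print "ok: " certs " certificate(s), 1 RSA private key"
        }
    ' "$1"
}

# Constructed sample with placeholder bodies (AAAA/BBBB are not real data).
sample=$(mktemp)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'AAAA' '-----END CERTIFICATE-----' \
    '-----BEGIN RSA PRIVATE KEY-----' 'BBBB' '-----END RSA PRIVATE KEY-----' > "$sample"
check_pem_layout "$sample"
rm -f "$sample"
```

With OpenSSL 3.x, openssl rsa writes a BEGIN PRIVATE KEY block unless -traditional is given; the check reports that case as a key that is not in RSA PRIVATE KEY format.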