Management > Certificate Manager > Troubleshooting Guide

Converting Certificate File Formats

Certificate Manager currently supports only the pem-format certificate files.

  • More formats are to be supported in the near future.

Following are the available certificate file formats for Certificate Manager.

Format of Certificate File (.pem)

The filename extension is .pem.

Each file includes certificate (chain) information and private key information.

-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----

How to Create PEM Files

You can create pem files like follows: 1. Convert certificate information into pem. 2. Create a single pem file which includes certificate chain and a private key.

Convert Certificate Information into PEM

  1. In case of a Java JKS or JCEKS certificate, use keytool to convert certificate into the .p12 or .pks format.
  2. For the .p12 or .pks type, execute the command as follows and convert it into .pem .
openssl pkcs12 -in my_certificate_input_file.pfx -nokeys -out my_cert_converting_result_file.pem
openssl pkcs12 -in my_certificate_input_file.pfx -nodes -nocerts -out my_cert_converting_result_file.pem

(Optional) Convert into RSA Private Key Type

If a private key is not in the RSA format, encode it into an RSA private key format.

  • When a private key file is open and if it starts with -----BEGIN PRIVATE KEY-----, it is not an RSA private key file.

To convert a private key into an RSA private key, execute the following command:

openssl rsa -in my_key_not_rsa_input_file.pem -check -out my_key_rsa_converting_result_file.pem

> writing RSA key
> Enter PEM pass phrase: (enter passphrase encoded with RSA private key)
> Verifying - Enter PEM pass phrase:

Create Single PEM Files including Certificate Chain and Private Key

Combine PEM file information of certificate and private key, to create a single PEM file.

cat my_cert_converting_result_file.pem my_key_rsa_converting_result_file.pem > final_result_pem_file.pem

The format of a newly-made PEM file (which is "final_result_pem_file.pem" in the above example) is like below.

-----BEGIN CERTIFICATE-----
.... (your primary SSL certificate)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
.... (the intermediate CA certificate)
.... (unavailable if certificate chain information does not exist.)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
.... (the trusted root certificate)
.... (unavailable if certificate chain information does not exist.)
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
TOP