Converting Certificates

Last Updated: 9/12/2008



Sections above here:
Home  »  Deployment  »  Using SSL

Sections below here:

    Topics in this section:
    SSL
    Converting Certificates

    Search Documentation:

    Converting Certificates to PEM Format

    Chances are that your certificates were not delivered to you in .pem format. If they are not in .pem you must convert them for use with IntraWeb.

    This procedure assumes that you have already received your key and certificate pair from some Certificate Authority (like Verisign or Thawte) and that you have them installed in Microsoft Internet Explorer in Personal Certificates Store.

    Export Certificate

    Select the certificate and export it as a .pfx file (Personal Exchange Format). You may optionally protect it with a password.

    Convert .pfx to .pem

    As part of the SSL download, a utility named openssl.exe was included. This utility will be used to convert your .pfx file.

    To use openssl.exe, use the following format:

      openssl.exe pkcs12 –in <your file>.pfx –out <your file>.pem

    Openssl.exe will prompt you for a password. Enter it if you used one, or leave it blank if you did not specify one. It will also prompt you for a new password for the .pem file. This is optional, but if you protect it with a password be sure to fill in the ServerController.SSLCertificatePassword property in your application.

    Splitting the .pem File

    If you examine the new .pem file with a notepad, you will notice that it consists of two parts. The two parts consist of the private key and the certificate (public key) part. There is also some addition information included. IntraWeb requires that this information be separated into separate files.

    Key.pem

    Create key.pem with notepad and paste everything between and including these two statements:

    -----BEGIN RSA PRIVATE KEY-----

    -----END RSA PRIVATE KEY-----

    Cert.pem

    Create cert.pem with notepad and paste everything between and including these two statements:

    -----BEGIN CERTIFICATE-----

    -----END CERTIFICATE-----

    Root.pem

    The final file that IntraWeb requires is the Certificate Authority certificate file. You can obtain this from the Internet Explorer in Trusted Root Certificate Authority dialog. Select the Authority that issued your certificate and export it in Base64 (cer) format. This format is also the same as PEM format so after export simply rename the file to root.pem.



    (C) 2002-2009 - Atozed Software Ltd.