How do I import certificates exported from Windows Server into ZXTM?A fundamental requirement of importing a certificate into ZXTM is that the certificate file and the private key file be in PEM format. Windows Server is only able to export a private key file in .pfx format. Thus, we must use the program OpenSSL to perform the conversion for us. There are two approaches to accomplishing the conversion, and can involve using either Windows or a UNIX(-like) Operating System. WindowsOpenSSL is available as a binary package for Windows Please download and install this package. There are no special instructions for this. You will now have an OpenSSL directory located on your filesystem. Click START, RUN then type cmd.exe. You need to navigate to the path where you installed your OpenSSL binaries. Within this directory chdir to bin Now you can type the below command to perform the conversion:openssl.exe pkcs12 -in <drive:\path\to\cert>.pfx -nodes -out <drive:\path\to\new\cert>.pem To convert your .CER file to .PEM format: openssl x509 -in <drive:\path\to\cert>.cer -inform DER -out <drive:\path\to\cert>.pem -outform PEM UNIXOnce OpenSSL has been installed, you can now use the below command to convert your private key into a format ZXTM can correctly decipher. openssl pkcs12 -in <path/to/exported/cert>.pfx -nodes -out <path/to/new/cert>.pem To convert your .CER file to .PEM format: openssl x509 -in </pat/to/cert>.cer -inform DER -out </path/to/cert>.pem -outform PEM Please note: Zeus cannot assist in the installation of OpenSSL. Please refer to the online documentation or consult with your Operating System Vendor for support.
Chris Buckley
[Zeus Support] 08 June 2006
2 comments
Comments:This public messageboard is not a forum for technical support. To report technical support problems, please contact our dedicated Support team using the instructions at the bottom of this page.
Comment from:
David turner [Visitor]
· http://www.play.com
If you have problems converting your .CER file try this. I can't claim credit for this as I found it on the web.
Verisign has been known to pack the server certificates in a PKCS#7 structure which uses certificate PEM headers, if so you need to unpack them. Try: openssl pkcs7 -in public.cer -print_certs -out certs.pem then use the certificates in 'certs.pem' for the server. 
06 September 2006 @ 12:50
Comment from:
fernando.pavan [Member]
Sometimes keys are held in keystores, encrypted files that contain both public and private keys. This happens in Tomcat and other java servers and we need a way to extract these keys so we can load the certificate into ZXTM.
There is an application called keytool that manages these keystores. What we need to do is to get a tool to convert keys in keystore formats to standard openssl keys. This is the link for a program that can handle different keystore formats (JKS, JCEKS) and extract openssl private keys to install on ZXTM: http://yellowcat1.free.fr/keytool_iui.html Using it is pretty simple and this is almost the only way to get keys from keystores and load them on ZXTM. If you want to see a Java code that does the same job, here is the link: http://mark.foster.cc/pub/java/ExportPriv.java The code was posted by Andrew Morrow's at http://forum.java.sun.com/thread.jsp?forum=2&thread=154587&message=449486 I hope this helps! Good luck!
23 August 2007 @ 17:42 |
Recent Articles
Other Resources
|
