vADC Docs

SSL Howto - convert a pkcs12 (*.p12) bundle to import into Stingray

by on ‎02-13-2013 05:04 AM (4,260 Views)

Update: 2013 06018 - I had to do 50 conversions today, so I have attached a shell script to to automate this process.

==

Assumptions:

  1. You have a pkcs12 bundle with a private key and certificate in it - in this example we will use a file called www.website.com.p12.  I use SimpleAuthority as it is cross platform and the free edition lets you create up to 5 keypairs, which is plenty for the lab...
  2. You don't have a password on the private key (passwords on machine loaded keys are a waste of time IMHO)
  3. You have a Linux / MacOS X / Unix system with openssl installed (Mac OS X does by default, so do most Linux installs...)

3 commands you need:

First we take the p12 and export just the private key (-nocerts) and export it in RSA format with no encryption (-nodes)


openssl pkcs12 -in www.website.com.p12 -nocerts -out www.website.com.key.pem -nodes








Second we take the p12 and export just the certificate (-nokeys) and export it in RSA format with no encryption (-nodes)


openssl pkcs12 -in www.website.com.p12 -nokeys -out www.website.com.cert.pem -nodes








Third, we convert the private key into the format Stingray wants it in (-text)


openssl rsa -in www.website.com.key.pem -out www.website.com.key.txt.pem -text








You are left with a list of files, only two of them are needed to import into the Stingray:

  1. www.website.com.key.txt.pem is the private key you need
  2. www.website.com.cert.pem is the certificate you need

These can then be imported into the STM under Catalogues > SSL > Server Certs

Google Chrome054.png

Hope this helps..


1 ~ $ ./p12_convert.sh -h


./p12_convert.sh written by Aidan Clarke <aidan.clarke at riverbed.com>


Copyright Riverbed Technologies 2013



usage: ./p12_convert.sh -i inputfile -o outputfile



This script converts a p12 bundle to PEM formated key and certificate ready for


import into Stingray Traffif Manager



OPTIONS:


   -h      Show this message


   -i      Input file name


   -o      Output file name stub