Solved: Replace Certificates - PFX File

TSprouse94 · ‎02-16-2019

Looking to replace the self signed certificates in my VCSA 6.7 appliance. My security team provided me with a .pfx file which I copied over to a temp directory on my VCSA appliance. I am now not 100% sure what openssl commands to run to extract the appropriate files needed to replace the self signed certificates.

Any smart openssl people out there that can lend some guidance.

TSprouse94 · ‎02-19-2019

So imported the PFX file into vCenter in a temp directory and ran these three commands:

openssl pkcs12 -in <filename.pfx> -nocerts -nodes | sed -ne '/-BEGIN PRIVATE KEY-/,/-END PRIVATE KEY-/p' > <clientcert.key>
openssl pkcs12 -in <filename.pfx> -clcerts -nokeys | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > <clientcert.cer>
openssl pkcs12 -in <filename.pfx> -cacerts -nokeys -chain | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > <cacerts.cer>

That gave me the three files I was looking for and replaced the certificates with no issue.

View solution in original post

daphnissov · ‎02-16-2019

You need to get them to give you a base64-encoded certificate in PEM format.

------------------
How to Ask for Help on Tech Forums
https://neonmirrors.net

TSprouse94 · ‎02-19-2019

So imported the PFX file into vCenter in a temp directory and ran these three commands:

openssl pkcs12 -in <filename.pfx> -nocerts -nodes | sed -ne '/-BEGIN PRIVATE KEY-/,/-END PRIVATE KEY-/p' > <clientcert.key>
openssl pkcs12 -in <filename.pfx> -clcerts -nokeys | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > <clientcert.cer>
openssl pkcs12 -in <filename.pfx> -cacerts -nokeys -chain | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > <cacerts.cer>

That gave me the three files I was looking for and replaced the certificates with no issue.

jamie20 · ‎05-26-2020

Hi TSprouse,

I had generated the three files from pfx. How to proceed further? Can you say where I have to replace these files?

All

Replace Certificates - PFX File