2 Replies Latest reply on Feb 19, 2019 12:04 PM by TSprouse94

    Replace Certificates - PFX File

    TSprouse94 Lurker

      Looking to replace the self-signed certificates in my VCSA 6.7 appliance. My security team provided me with a .pfx file, which I copied over to a temp directory on my VCSA appliance. I am now not 100% sure what openssl commands to run to extract the appropriate files needed to replace the self-signed certificates.

       

      Any smart openssl people out there that can lend some guidance?

        • 1. Re: Replace Certificates - PFX File
          daphnissov Guru

          You need to get them to give you a base64-encoded certificate in PEM format.

          • 2. Re: Replace Certificates - PFX File
            TSprouse94 Lurker

            So I imported the PFX file into vCenter in a temp directory and ran these three commands:

             

            openssl pkcs12 -in <filename.pfx> -nocerts -nodes | sed -ne '/-BEGIN PRIVATE KEY-/,/-END PRIVATE KEY-/p' > <clientcert.key>
            openssl pkcs12 -in <filename.pfx> -clcerts -nokeys | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > <clientcert.cer>
            openssl pkcs12 -in <filename.pfx> -cacerts -nokeys -chain | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > <cacerts.cer>

             

            That gave me the three files I was looking for and replaced the certificates with no issue.
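
Added example, not part of the original posts: the same three extractions wrapped in shell functions that keep the unencrypted key owner-only and confirm the key belongs to the certificate before anything is installed. The function names, the output file names and the PFX_PASS environment variable holding the import password are assumptions.

```shell
#!/bin/sh
# Added example; names and PFX_PASS are assumptions, not from the thread.

# extract_pfx PFX OUTDIR
# Splits a PKCS#12 bundle into private key, leaf certificate and CA chain.
# The import password is read from the environment (-passin env:PFX_PASS)
# so it does not appear in the process list or shell history.
extract_pfx() {
    pfx=$1; out=$2
    old_umask=$(umask)
    umask 077   # -nodes writes the key unencrypted, so create it owner-only
    mkdir -p "$out"
    openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nocerts -nodes 2>/dev/null |
        sed -ne '/-BEGIN PRIVATE KEY-/,/-END PRIVATE KEY-/p' > "$out/clientcert.key"
    openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -clcerts -nokeys 2>/dev/null |
        sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > "$out/clientcert.cer"
    openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -cacerts -nokeys 2>/dev/null |
        sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > "$out/cacerts.cer"
    umask "$old_umask"
    # cacerts.cer may legitimately be empty; key and leaf certificate may not.
    [ -s "$out/clientcert.key" ] && [ -s "$out/clientcert.cer" ]
}

# key_matches_cert KEY CERT
# Succeeds only if the public key derived from KEY equals the one in CERT.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# key_is_owner_only KEY
# Succeeds only if group and other have no permission bits on the key file.
key_is_owner_only() {
    [ "$(ls -l "$1" | cut -c5-10)" = "------" ]
}

# Usage, after exporting PFX_PASS:
#   extract_pfx bundle.pfx ./out &&
#   key_matches_cert ./out/clientcert.key ./out/clientcert.cer &&
#   key_is_owner_only ./out/clientcert.key
```

Once the certificates are replaced, delete the extracted key and the copied .pfx from the temp directory.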