Question & Answer
Question
Answer
Sign into the *SYSTEM store and select the certificate you wish to use and select export to a file.
2) Export the private key from the pfx file.
CALL QP2TERM
openssl pkcs12 -in /home/certs/ServerCert.pfx -nocerts -out /home/certs/private_pass.pem
3) Export the personal certificate from the pfx file.
openssl pkcs12 -in /home/certs/ServerCert.pfx -clcerts -nokeys -out /home/certs/PersonalCert.pem
NOTE: The /home/certs/PersonalCert.pem file will contain the CA certificates as well as the Personal certificate.
4) Remove the passphrase from the private key.
openssl rsa -in /home/certs/private_pass.pem -out /home/certs/private_nopass.key
5) You now have a valid and matching private key with no password assigned (private_nopass.key) and a personal certificate (PersonalCert.pem) to use.
//Private Key
key: fs.readFileSync('/home/certs/private_nopass.key');
cert: fs.readFileSync('/home/certs/PersonalCert.pem');
6) If using a keystore, you can import the CA cert and Personal cert into a new PKCS12 keystore.
openssl pkcs12 -export -in /home/certs/PersonalCert.pem -inkey /home/certs/private_nopass.key -out /home/certs/Certificate.p12 -name default -passout pass:<password>
If you need to import additional CA certs along with the personal cert, you can include the "-certfile <certs>" option on the openssl pkcs12 -export command.
Was this topic helpful?
Document Information
Modified date:
03 October 2024
UID
nas8N1022422