2-22
WLSE Express AAA Server Certificate Configuration Guide
OL-8880-01
Chapter2 Generating Certificates
Certificate Generation with Windows CA
Converting PKCS#12 to PEMA certificate and private key that have been exported from Windows will generally be encapsulated in a
single file in PKCS#12 format. Before they can be installed on WLSE, they must be reformatted into
PEM formatted files. It is a good security practice to store the certificate and private key in separate files.
You can use the openssl command line tool from the OpenSSL open source project to do this.
Most Windows systems will not have the openssl tool installed, so it is usually easier to copy the
PKCS#12 certificate file to a computer that does support OpenSSL.
There are two steps involved:
Step1 Convert the PKCS#12 file to PEM format using openssl.
Step2 Split the resulting PEM file into separate certificate and private key files (optional).
The following command line converts the content of server.pfx from PKCS#12 to PEM and places the
result into server.pem:
openssl pkcs12 –in server.pfx –out server.pem
If the PKCS#12 file has been password protected, openssl will prompt you for the password. If the
conversion succeeds, the server.pem file will contain the certificate and private key in PEM format. An
example of a converted PEM file follows: