FortiClient
FortiClient proactively defends against advanced attacks. Its tight integration with the Security Fabric enables policy-based automation to contain threats and control outbreaks. FortiClient is compatible with Fabric-Ready partners to further strengthen enterprises’ security posture.
ck_FTNT
Staff
Article Id 195273
Description

EMS requires a certificate and a private key. You need either both as separate files, or a certificate file that contains the key so that you can extract it.


Scope
This document shows one way to extract your certificate key into its own file to upload to EMS.







Solution
Different file formats exist for certificates, based on how they are encoded and what information they store. One way to categorize certificate files is by whether or not they can contain a private key.

| No Key Included | Can Include a Key |
| --- | --- |
| Cryptographic Message Syntax Standard (PKCS#7) Certificate (.p7b, .p7r or .spc) | Personal Information Exchange Format (PKCS#12) Certificate (.pfx or .p12) |
| Base64-encoded X.509 Certificate (.cer or .crt) | Privacy-enhanced Electronic Mail (.pem) |
| DER-encoded binary X.509 Certificate (.cer, .der or .crt) | Private Key (.key) |
| Certificate Signing Request (.csr) | |

https://blogs.msdn.microsoft.com/kaushal/2010/11/04/various-ssltls-certificate-file-typesextensions/

The most commonly used file type that allows the private key to be exported is the PKCS#12 format (.pfx/.p12 extension).

Extract the key into its own file

Here we will use a free program called OpenSSL (https://www.openssl.org/). Other methods of extracting a private key into its own file also exist.

openssl pkcs12 -in certfile.pfx -nocerts -nodes -out key.pem

  -nocerts  outputs the private key only, with no certificates
  -nodes    no encryption ("no DES") of the output key, as EMS requires an unencrypted key

Extract the certificate into its own file

Using OpenSSL again:

openssl pkcs12 -in certfile.pfx -clcerts -nokeys -out cert.pem

  -clcerts  outputs only the client certificate (not CA certificates)
  -nokeys   ensures the key is not included in the certificate file
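
The two extraction steps above, wrapped in a script that also creates the unencrypted key with owner-only permissions and confirms that key.pem really belongs to cert.pem before upload. This is an added example, not Fortinet's code: the function names, the PFX_PASS environment variable and the sample certificate are assumptions. OpenSSL 3.x still accepts -nodes but names the option -noenc.

```shell
#!/bin/sh
# Added example: split a PKCS#12 file into key.pem / cert.pem and verify the pair.
# Function names and the PFX_PASS variable are assumptions of this sketch.

# extract_pfx PFX OUTDIR: write OUTDIR/key.pem and OUTDIR/cert.pem.
# The import password is read from $PFX_PASS so it never appears in argv.
extract_pfx() {
    pfx=$1; out=$2
    # Subshell with umask 077: the unencrypted key is created owner-only.
    ( umask 077
      openssl pkcs12 -in "$pfx" -nocerts -nodes \
          -passin env:PFX_PASS -out "$out/key.pem" ) || return 1
    openssl pkcs12 -in "$pfx" -clcerts -nokeys \
        -passin env:PFX_PASS -out "$out/cert.pem"
}

# pair_matches KEY CERT: succeeds only if KEY is the certificate's private key.
# Compares the public key derived from KEY with the one stored in CERT; a file
# that fails to parse counts as a mismatch rather than an empty "match".
pair_matches() {
    kp=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cp=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$kp" ] && [ "$kp" = "$cp" ]
}

# make_sample_pfx DIR: build a throwaway self-signed DIR/certfile.pfx protected
# with $PFX_PASS (constructed test input; the CN is a placeholder).
make_sample_pfx() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=ems.example.test" \
        -keyout "$1/src.key" -out "$1/src.crt" 2>/dev/null || return 1
    openssl pkcs12 -export -inkey "$1/src.key" -in "$1/src.crt" \
        -passout env:PFX_PASS -out "$1/certfile.pfx"
}

# Script use: PFX_PASS=... sh split_pfx.sh certfile.pfx outdir
if [ "$#" -eq 2 ]; then
    if extract_pfx "$1" "$2" && pair_matches "$2/key.pem" "$2/cert.pem"; then
        echo "key.pem matches cert.pem"
    else
        echo "extraction failed or key/cert mismatch" >&2
        exit 1
    fi
fi
```

Because key.pem is unencrypted, delete the working copy once it has been uploaded to EMS.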

