To generate your own certificate, use the following command:

    openssl pkcs12 -in [yourfile.pfx] -clcerts -nokeys -out [client.crt]

If you don't know the import password, ask the person who gave you the PFX file. Edit client.crt to remove the issuer information. For example, delete everything above the BEGIN CERTIFICATE line.

To generate your own private key:

  1. Use the following command:

    openssl pkcs12 -in [yourfile.pfx] -nocerts -out [private_with_pem.key]

  2. Enter the import password.
  3. Enter the PEM pass phrase. This is the same as the import password.
  4. Enter the PEM pass phrase again.
  5. Use the following command:

    openssl rsa -in [private_with_pem.key] -out [private.key]

    This command will remove the PEM password from private_with_pem.key. If you don't remove the PEM password, the SSFE admin console will prompt to read the PEM password from stdin.

To generate the certificate chain bundle:

  1. Use the following command:

    openssl pkcs12 -in [yourfile.pfx] -cacerts -nokeys -out [chain_bundle.crt]

  2. Enter the import password.
  3. Edit the chain_bundle.crt file to remove the extra information written above each certificate. For example, remove everything above each BEGIN CERTIFICATE line.

  4. Edit the chain_bundle.crt file to order the certificates from the nearest subordinate CA to root CA. For example:

    -----BEGIN CERTIFICATE-----
    ...
    Certificate of FIRST subordinate CA
    ...
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    ...
    Certificate of SECOND subordinate CA
    ...
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    ...
    Certificate of ROOT CA
    ...
    -----END CERTIFICATE-----
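
A check to run before copying the files into place, added here as an example and not part of the original article: it strips the Bag Attributes text that the steps above remove by hand, confirms that the private key belongs to the certificate, and confirms that the bundle runs from the nearest subordinate CA to the root CA. The function names and chain_clean.crt are assumptions; the other file names are the placeholders used in the commands above.

```sh
#!/bin/sh
# Added example: clean up and sanity-check the files extracted from the PFX.

# Print only the PEM certificate blocks, dropping the "Bag Attributes",
# subject= and issuer= lines that "openssl pkcs12" writes around them.
strip_bag_attributes() {  # usage: strip_bag_attributes chain_bundle.crt
    awk '/^-----BEGIN CERTIFICATE-----/ { keep = 1 }
         keep                          { print }
         /^-----END CERTIFICATE-----/   { keep = 0 }' "$1"
}

# Succeed only if the private key and the certificate hold the same public key.
key_matches_cert() {  # usage: key_matches_cert private.key client.crt
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$1" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Succeed only if each certificate's issuer is the subject of the next one,
# i.e. the bundle runs from the nearest subordinate CA towards the root CA.
chain_is_ordered() {  # usage: chain_is_ordered chain_bundle.crt
    tmp=$(mktemp -d) || return 2
    strip_bag_attributes "$1" | awk -v d="$tmp" '
        /BEGIN CERTIFICATE/ { n++ }
        { f = sprintf("%s/%03d.pem", d, n); print > f }'
    [ -e "$tmp/001.pem" ] || { rm -rf "$tmp"; return 2; }
    prev_issuer="" rc=0
    for f in "$tmp"/*.pem; do
        subject=$(openssl x509 -in "$f" -noout -subject -nameopt RFC2253)
        issuer=$(openssl x509 -in "$f" -noout -issuer -nameopt RFC2253)
        subject=${subject#subject=} issuer=${issuer#issuer=}
        if [ -n "$prev_issuer" ] && [ "$prev_issuer" != "$subject" ]; then
            echo "out of order: '$subject' was not the issuer of the previous certificate" >&2
            rc=1
        fi
        prev_issuer=$issuer
    done
    rm -rf "$tmp"
    return $rc
}

# Typical use with the placeholder file names from the commands above:
#   strip_bag_attributes chain_bundle.crt > chain_clean.crt
#   chain_is_ordered chain_clean.crt && key_matches_cert private.key client.crt
#   chmod 600 private.key   # the key is unencrypted after "openssl rsa"
```
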

The certificate paths in SSFE are as follows:

mgmtui: /opt/SingleInstaller/MgmtUI/SSL
osdp: /opt/TrendMicro/OSDP/SSL