Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Importing a *.PFX certificate to SafeSync for Enteprise (SSFE)

    • Updated:
    • 7 Nov 2016
    • Product/Version:
    • SafeSync for Enterprise 3.1
    • SafeSync for Enterprise 3.2
    • Platform:
    • iOS 9.2
Summary

You want to know how to import a *.PFX certificate to SSFE when you already have a .pfx file.

When updating certificates to SSFE, you need: (1) your own certificate, (2) your private key, and (3) a certificate chain bundle. This article shows how to generate the aforementioned requirements from a .pfx file.

Import certificates

Details
Public

To generate your own certificate, use the following command:

openssl pkcs12 -in [yourfile.pfx] -clcerts -nokeys -out [client.crt]

If you don't know the import password, you need to ask the person who gave the PFX to you. Edit client.crt to eliminate the issuer info. For example, delete all the information above BEGIN CERTIFICATE.

Generate certificate

To generate your own private key:

  1. Use the following command:

    openssl pkcs12 -in [yourfile.pfx] -nocerts -out [private_with_pem.key]

  2. Enter the import password.
  3. Enter the PEM pass phrase. This is the same as the import password.
  4. Enter the PEM pass phrase again.
  5. Use the following command:

    openssl rsa -in [private_with_pem.key] -out [private.key]

    This command will remove the PEM password from private_with_pem.key. If you don't remove the PEM password, the SSFE admin console will prompt to read the PEM password from stdin.

To generate the certificate chain bundle:

  1. Use the following command:

    openssl pkcs12 -in [yourfile.pfx] -cacerts -nokeys -out [chain_bundle.crt]

  2. Enter the import password.
  3. Edit the chain_bundle.crt file to remove the information of each certificate. For example, remove all the informations above BEGIN CERTIFICATE.

    Generate chain bundle 1

    Generate chain bundle 2

  4. Edit the chain_bundle.crt file to order the certificates from the nearest subordinate CA to root CA. For example:

    -----BEGIN CERTIFICATE-----
    ...
    Certificate of FIRST subordinate CA
    ...
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    ...
    Certificate of SECOND subordinate CA
    ...
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    ...
    Certificate of ROOT subordinate CA
    ...
    -----END CERTIFICATE-----

The path of certificates in SSFE are as follows:

mgmtui: /opt/SingleInstaller/MgmtUI/SSL
osdp: /opt/TrendMicro/OSDP/SSL

Premium
Internal
Rating:
Category:
Configure; Deploy; SPEC
Solution Id:
1115632
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.