Invalid SSL file type when uploading certificates to the App Center configurator

book

Article ID: 158622

calendar_today

Updated On:

Products

Mobility Suite

Issue/Introduction

The App Center configurator requires the SSL certificate files be uploaded individually and not be protected with a password-based symmetric key (standard-PKCS12).

"Invalid file type, pfx is not allowed"

Cause

The following two certificates need to be extracted from the PFX certificate file and uploaded to the App Center server:

  • SSL Certificate File = Certificate of the App Center host (.cer)
  • SSL Key File = Private key for the above certificate

Resolution

  1. Extract the private key by running the following command, from terminal, in the same path as the PFX file (substitue "AppCenterCert.pfx" with the name of the PFX certificate file): 
    openssl pkcs12 -in AppCenterCert.pfx -nocerts -out privateKey.pem
    Note: A passphrase of at least 4 characters is required to secure privateKey.pem file.
  2. Extract the public certificate from the PFX by running the following command, in terminal, in the same path as the original PFX file:
    openssl pkcs12 -in AppCenterCert.pfx -clcerts -nokeys -out publicCert.pem
    Note: No passphrase should be created for the publicCert.pem file.
  3. Remove the password from the private key by running the following command from by running the following command, in terminal, while in the same path as the privatekey.pem file :
    openssl rsa -in privateKey.pem -out private.pem
    Note: Enter the passphrase created in Step 1.
  4. In the App Center Configurator Select the publicCert.pem file by clicking "Browse" next to "SSL Certificate File" and locating it on the server.
  5. Select the private.pem file by clicking "Browse" next to "SSL Key File" and locating it on the server.
  6. The "SSL CA Certificate Bundle" is is a base64 encoded file containing the root certificate(s) of the SSL provider.  The root CA certificates are available here.

Note: This command also may be ran on the workstation accessing the App Center configurator console and does not have to be done on the App Center server itself.  This would require openssl be installed on the accessing workstation.

 

Applies To

App Center on-premise
Cent OS/RHEL 5.8