search cancel

Incorrect Certificate Type When Loading SSL Certificates into the Mobility Suite Configurator


Article ID: 161722


Updated On:


Mobility Suite


Cannot continue the Symantec Mobility Suite configurator / installation due to certificates not being in the correct format.

Certificates must be in PEM format


The SSL certificate(s) provided are not in PEM format


There are three required certificates for Symantec Mobility Suite to handle SSL locally:

1. Public SSL certificate Note: A wildcard certificate is required for multi-tenant mode. This also must be trusted from Mobile devices.
2. Private key
3. GD bundle: A group of certificates in b64 format which establish the public certificate's chain of authority

Steps to extract private key and public certs from a pfx

  1. Extract the private key by running the following command, from terminal, in the same path as the PFX file (substitute "AppCenterCert.pfx" with the name of the PFX certificate file):
    openssl pkcs12 -in AppCenterCert.pfx -nocerts -out sign_pw.key
    Note: A passphrase of at least 4 characters is required to secure privateKey.pem file.
  2. Extract the public certificate from the PFX by running the following command, in terminal, in the same path as the original PFX file:
    openssl pkcs12 -in AppCenterCert.pfx -clcerts -nokeys -out sign.crt
    Note: No passphrase should be created for the publicCert.pem file.
  3. Remove the password from the private key by running the following command from by running the following command, in terminal, while in the same path as the privatekey.pem file :
    openssl rsa -in sign_pw.key -out sign.key
  4. Extract the root CA certificate from the PFX:
    openssl pkcs12 -in AppCenterCert.pfx –out gd_bundle.crt –nodes –nokeys –cacerts

Some other useful OpenSSL commands:

Convert a DER file (.crt .cer .der) to PEM
#openssl x509 -inform der -in certificate.cer -out certificate.pem

Convert a PEM file to DER
#openssl x509 -outform der -in certificate.pem -out certificate.der

Convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM
#openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes

Convert a PEM certificate file and a private key to PKCS#12 (.pfx .p12)
#openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt


Applies To

Symantec Mobility Suite