ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Incorrect Certificate Type When Loading SSL Certificates into the Mobility Suite Configurator

book

Article ID: 161722

calendar_today

Updated On:

Products

Mobility Suite

Issue/Introduction

Cannot continue the Symantec Mobility Suite configurator / installation due to certificates not being in the correct format.

Certificates must be in PEM format

Cause

The SSL certificate(s) provided are not in PEM format

Resolution

There are three required certificates for Symantec Mobility Suite to handle SSL locally:

1. Public SSL certificate Note: A wildcard certificate is required for multi-tenant mode. This also must be trusted from Mobile devices.
2. Private key
3. GD bundle: A group of certificates in b64 format which establish the public certificate's chain of authority

Steps to extract private key and public certs from a pfx

  1. Extract the private key by running the following command, from terminal, in the same path as the PFX file (substitute "AppCenterCert.pfx" with the name of the PFX certificate file):
    openssl pkcs12 -in AppCenterCert.pfx -nocerts -out sign_pw.key
    Note: A passphrase of at least 4 characters is required to secure privateKey.pem file.
  2. Extract the public certificate from the PFX by running the following command, in terminal, in the same path as the original PFX file:
    openssl pkcs12 -in AppCenterCert.pfx -clcerts -nokeys -out sign.crt
    Note: No passphrase should be created for the publicCert.pem file.
  3. Remove the password from the private key by running the following command from by running the following command, in terminal, while in the same path as the privatekey.pem file :
    openssl rsa -in sign_pw.key -out sign.key
  4. Extract the root CA certificate from the PFX:
    openssl pkcs12 -in AppCenterCert.pfx –out gd_bundle.crt –nodes –nokeys –cacerts

Some other useful OpenSSL commands:

Convert a DER file (.crt .cer .der) to PEM
#openssl x509 -inform der -in certificate.cer -out certificate.pem

Convert a PEM file to DER
#openssl x509 -outform der -in certificate.pem -out certificate.der

Convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM
#openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes

Convert a PEM certificate file and a private key to PKCS#12 (.pfx .p12)
#openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt

 


Applies To

CentOS
Symantec Mobility Suite