External certificate format needed for the PacketShaper S-Series

book

Article ID: 170908

calendar_today

Updated On:

Products

PacketShaper S-Series

Issue/Introduction

You want to know the format needed so you can successfully install an external Secure Sockets Layer (SSL) certificate on your PacketShaper S-Series. 

Resolution

The certificate and key files must be in PEM-encoded format. Certificates must be in X.509 format and keys must be in OpenSSL RSA format.   In order for the PacketShaper S-Series to validate and install the SSL certificate, all certificates in the chain of trust have to be bundled in a single file starting from the root CA with all of the characters including the "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" tags, including all of the intermediate CA with all of the characters including the "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" tags, and the PacketShaper S-Series certificate with all of the characters including the "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" tags.  The certificate is followed by the private key including the "-----BEGIN RSA PRIVATE KEY-----" and "-----END RSA PRIVATE KEY-----" tags.  If the certificate is not formatted correctly, then it will not be validated and will fail to install.   

See the contents of a correctly PEM formatted certificate below (file name: example.pem):

-----BEGIN CERTIFICATE----- 
(Omitted data, this would be the root certificate) 
-----END CERTIFICATE----- 
-----BEGIN CERTIFICATE----- 
(Omitted data, this would be the intermediate certificate, could be more than one) 
-----END CERTIFICATE----- 
-----BEGIN CERTIFICATE----- 
(Omitted data, this could be another intermediate certificate, if needed and so on) 
-----END CERTIFICATE----- 
-----BEGIN CERTIFICATE----- 
(Omitted data, this would be the PacketShaper S-Series certificate) 
-----END CERTIFICATE----- 
-----BEGIN RSA PRIVATE KEY----- 
(Omitted data, this would be the RSA private key, OpenSSL RSA format) 
-----END RSA PRIVATE KEY-----