- The customer wants to add a trusted root certificate to vCenter for use with their ADFS.
- The customer has the certificate in 'pfx' file format, which cannot be added directly to the vCenter trusted store.
You can use a file of type CER, PEM, or CRT.
- So we need to convert this file to PEM format using openssl.
Our vCenter version is vCenter 7.0U2d, but this does not depend on the vCenter version.
The trusted root certificate store does not support the pfx format.
1. If you can get the certificate again in a supported format such as CER, PEM, or CRT, that is best.
2. If you can't, you can use the openssl command to extract the root CA certificate.
First, upload the certificate file to vCenter so that you can use the openssl command.
Second, connect via SSH and change to the directory where the file was uploaded.
- If the subject CN is equal to the issuer CN, you can use the command below to extract the root CA certificate.
openssl pkcs12 -in certificate.pfx -nokeys -nodes -nomacver -out certificate.pem
- If the subject CN is different from the issuer CN, you can use the command below to extract only the root CA certificate.
openssl pkcs12 -in certificate.pfx -cacerts -nokeys -nomacver -out certificate.pem
# This command might prompt for a password, but you can enter any words if you use the 'nomacver' option as above.
(The password is needed when you check the private key.)
3. Now use the certificate.pem file to add the trusted root certificate from the vSphere UI.
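
One way to check the extracted certificate.pem before importing it in step 3 (an added example, not part of the original procedure; the function names are hypothetical). It confirms that no private key ended up in the file and lists which certificates are self-signed roots by comparing the full subject and issuer DN, which is stricter than comparing only the CN.

```bash
# Added example (not from the original page): check a PEM extracted from a PFX.
# Function names are hypothetical; pass the file produced by the steps above.

# Print "ROOT <subject>" or "NON-ROOT <subject>" for each certificate in $1.
classify_certs() {
    local pem="$1" tmp f subj iss
    tmp=$(mktemp -d) || return 2
    # Split the bundle into one file per certificate, skipping "Bag Attributes".
    awk -v d="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++; keep = 1 }
        keep { print > (d "/cert" n ".pem") }
        /-----END CERTIFICATE-----/   { keep = 0 }' "$pem"
    for f in "$tmp"/cert*.pem; do
        [ -e "$f" ] || break
        subj=$(openssl x509 -in "$f" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
        iss=$(openssl x509 -in "$f" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
        # Self-signed root: subject DN equals issuer DN.
        if [ "$subj" = "$iss" ]; then echo "ROOT $subj"; else echo "NON-ROOT $subj"; fi
    done
    rm -rf "$tmp"
}

# Return 0 only if $1 holds no private key and at least one root certificate.
check_root_pem() {
    local pem="$1" report
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$pem"; then
        echo "FAIL: $pem contains a private key; extract again with -nokeys" >&2
        return 1
    fi
    report=$(classify_certs "$pem")
    printf '%s\n' "$report"
    if ! printf '%s\n' "$report" | grep -q '^ROOT '; then
        echo "FAIL: no self-signed (root) certificate found in $pem" >&2
        return 1
    fi
}

# Run against a file when one is given, e.g.: bash check.sh certificate.pem
if [ -n "${1:-}" ]; then check_root_pem "$1"; fi
```

Any NON-ROOT lines in the output are intermediate or end-entity certificates that were exported alongside the root.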