This document explains how to use openssl from the Linux Terminal to extract the certificate file, private key, and certificate bundle in the format that Mobility Suite requires during the configurator stage of On-Premise installation. The steps below use example certificate names like 'sslcert.pfx' and passwords like '[email protected]', which will need to be modified in accordance with the .pfx file used.
1. From the Terminal, change to the directory that contains the .pfx file to be used for extraction.
Extract the certificate file from the .pfx file.
2. Type openssl pkcs12 -in sslcert.pfx -out 1.\ SSL\ Certificate\ File -nodes -nokeys -clcerts and press <enter>.
3. Type [email protected] and press <enter> when prompted for the password of the .pfx file if one exists.
The certificate file should now be extracted from the .pfx file and named "1. SSL Certificate File" which matches the Configurator's terminology.
Extract the private key from the .pfx file.
4. Type openssl pkcs12 -in sslcert.pfx -out 2.\ SSL\ Key\ File -nodes -nocerts and press <enter>.
The private key should now be extracted from the .pfx file and named "2. SSL Key File" which also matches the Configurator's terminology.
Extract the certificate bundle from the .pfx file.
7. Type openssl pkcs12 -in sslcert.pfx -out 3.\ SSL\ CA\ Certificate\ Bundle -nodes -nokeys -cacerts and press <enter>.
The certificate bundle should now be extracted from the .pfx file and named "3. CA Certificate Bundle" which matches the Configurator's terminology as well.
9. Type ls -hal and press <enter>.
The "1. SSL Certificate File", "2. SSL Key File", and "3. CA Certificate Bundle" should be displayed in the output of the 'ls -hal' command. These files can now be uploaded into the Configurator. Please note that these files can also be named "sign.crt", "sign.key", and "gd_bundle.crt" in accordance with the naming convention that Mobility Suite uses when it saves these files once installed.
Necessary Step for 5.3.1+ versions of Mobility Suite:
10. Add the "3. CA Certificate Bundle" to the "1. SSL Certificate File" (Nginx requires the intermediate certificate to be part of the signed SSL certificate in a bundle) by using the following command from the directory that contains both files:
cat 3.\ SSL\ CA\ Certificate\ Bundle >> 1.\ SSL\ Certificate\ File
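Before uploading, the extracted files can be checked with the following added example, which is not part of the original article or of the attached script. It confirms that the private key belongs to the first certificate in the certificate file (so the server certificate comes before the appended CA bundle) and restricts the key file's permissions, since -nodes writes the key unencrypted. The function names are hypothetical; the file names are the ones used in the steps above.

```shell
#!/bin/sh
# Added example (not the attached ExtractSSLCert.sh). Function names are
# hypothetical; the file names are the ones used in the steps above.

# Number of certificates in a PEM file (expect 2 or more after step 10).
count_certs() {
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || true
}

# Return 0 only if the private key belongs to the FIRST certificate in the
# certificate file, i.e. the server certificate precedes the CA bundle.
check_extracted() {
    cert=$1
    key=$2
    if [ ! -r "$cert" ] || [ ! -r "$key" ]; then
        echo "cannot read '$cert' or '$key'" >&2
        return 2
    fi
    # -nodes wrote the key unencrypted: keep it readable by its owner only.
    chmod 600 "$key" || return 2
    # openssl skips the "Bag Attributes" text that pkcs12 writes before the PEM.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ -z "$key_pub" ]; then
        echo "could not parse certificate or key" >&2
        return 2
    fi
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "MISMATCH: key does not match first certificate in '$cert'" >&2
        return 1
    fi
    echo "OK: key matches; '$cert' holds $(count_certs "$cert") certificate(s)"
}

# Check the article's file names when they exist in the current directory.
if [ -f "1. SSL Certificate File" ] && [ -f "2. SSL Key File" ]; then
    check_extracted "1. SSL Certificate File" "2. SSL Key File"
fi
```

A MISMATCH result after step 10 usually means the files were concatenated in the wrong order or the key came from a different .pfx file.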
A script which performs these steps (except step 10) automatically has been attached to this article. The script will need to be placed in the same directory as the .pfx file. After it has been uncompressed, the script's permissions may need to be modified before it can be run. To uncompress the script, qualify it for use, and execute it, the following commands need to be run from the Terminal in the directory where the script is located:
# yum -y install unzip
# unzip ExtractSSLCert.sh.zip -d ~
# cd ~
# chmod a+x ExtractSSLCert.sh