Notice: These instructions are provided as a service to our customers. Symantec Enterprise Support will not provide assistance to convert certificate formats by phone, email, or chat. For more assistance, please contact your certificate authority.
Chaining your certificate and original private key (no passphrase used to generate certificate)
- Create an empty text file.
- Copy the contents of your certificate and paste into the new file.
- Copy the contents of any intermediate certs and paste into the file after the certificate (if needed).
- Copy the contents of your private key and paste into the new file after the certificate.
- Save the new file locally (e.g. certandprivatekey.pem)
- Import into the SMG.
Verify the combined PEM file is structured similar to this:
-----BEGIN CERTIFICATE-----
<ASCII code for certificate>
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
<ASCII code for key>
-----END RSA PRIVATE KEY-----
Chaining your certificate and original private key (passphrase used to generate certificate)
To modify the certificate import file, please have:
- Certificate file
- Original private key
- OpenSSL (https://www.openssl.org if you need a copy)
- Passphrase used to generate the key
To modify the certificate:
- Use OpenSSL to remove the passphrase from the private key using the following command:
- OpenSSL 1.x:
openssl rsa -in private.key -out key-nopass.key
- OpenSSL 3.x:
openssl rsa -traditional -in private.key -out key-nopass.key
- Enter the original passphrase used to generate the certificate when prompted.
- Create a new text file.
- Copy the certificate into the new file.
- Copy the contents of any intermediate certs and paste into the file after the certificate (if needed).
- Copy the contents of your private key and paste into the new file after the certificate.
- Copy the contents of the output key into the new file under the original private key.
- Save the new file locally (e.g. certwithprivatenopass.pem).
- Import the file into the Control Center.
The combined PEM file should be structured like this:
-----BEGIN CERTIFICATE-----
<ASCII code for certificate>
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
<ASCII code for key without passphrase>
-----END RSA PRIVATE KEY-----
Erratta
The original private key should remain secure. You may want to delete the version without the passphrase when you complete these steps, and store the original in a safe place.