When working on EUC and SDDC solutions (and, yes, now for everything), we have to use certificates.

I mostly used Microsoft Certificate Services for all my internal servers and a public wildcard certificate for external access. So to create a certificate, the best way is to use the Windows MMC and then export the certificate as .PFX to get both the certificate and the private key used to generate it.

However, some products, like Workspace ONE Access, ask for the certificate in PEM format, so I used the following script to convert PFX to PEM with OpenSSL.

It’s a batch script that needs two arguments: the first is the name of the certificate without the extension, and the second is the password used to encrypt the private key.

E.g., my PFX certificate is myserver.mydomain.local.pfx, so I just have to type: pfx2pem.bat myserver.mydomain.local mypassword

rem Usage: pfx2pem.bat <certificate name without .pfx> <PFX password>
set "OSSL=C:\openssl-1.0.2d-x64_86-win64"
mkdir "%OSSL%\certs\%~1"
rem Extract the private key; -nodes writes it to disk unencrypted
"%OSSL%\openssl.exe" pkcs12 -in "%~1.pfx" -nocerts -out "%OSSL%\certs\%~1\%~1.key.pem" -nodes -password pass:%2
rem Extract the certificate(s) without the private key
"%OSSL%\openssl.exe" pkcs12 -in "%~1.pfx" -nokeys -out "%OSSL%\certs\%~1\%~1.cert.pem" -password pass:%2
rem Rewrite the key as a plain RSA key file, then delete the intermediate file
"%OSSL%\openssl.exe" rsa -in "%OSSL%\certs\%~1\%~1.key.pem" -out "%OSSL%\certs\%~1\%~1.server.key"
del "%OSSL%\certs\%~1\%~1.key.pem"
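
A follow-up check for the files the script produces, as an added example that is not part of the original post: it confirms that the extracted key belongs to the certificate and restricts access to the unencrypted key file. The script name checkpem.bat is hypothetical, and it assumes an RSA key and that the first certificate in the .cert.pem file is the server certificate.

```batch
@echo off
rem Added example (not from the original post): verify pfx2pem.bat output.
rem Usage: checkpem.bat <certificate name without extension>
rem Assumes the same OpenSSL folder and file names as pfx2pem.bat.
setlocal
set "OSSL=C:\openssl-1.0.2d-x64_86-win64"
set "DIR=%OSSL%\certs\%~1"
set "CERT=%DIR%\%~1.cert.pem"
set "KEY=%DIR%\%~1.server.key"

if not exist "%CERT%" (echo Missing "%CERT%" & exit /b 1)
if not exist "%KEY%" (echo Missing "%KEY%" & exit /b 1)

rem The RSA modulus of the certificate's public key must equal the
rem modulus of the private key. The modulus is public, so writing it
rem to temporary files does not expose the key.
"%OSSL%\openssl.exe" x509 -in "%CERT%" -noout -modulus > "%TEMP%\%~1.cert.mod"
"%OSSL%\openssl.exe" rsa -in "%KEY%" -noout -modulus > "%TEMP%\%~1.key.mod"
fc "%TEMP%\%~1.cert.mod" "%TEMP%\%~1.key.mod" > nul
set "RESULT=%ERRORLEVEL%"
del "%TEMP%\%~1.cert.mod" "%TEMP%\%~1.key.mod"
if not "%RESULT%"=="0" (echo Key and certificate do NOT match & exit /b 1)
echo Key and certificate match.

rem Show who the certificate was issued to, by whom, and its validity.
"%OSSL%\openssl.exe" x509 -in "%CERT%" -noout -subject -issuer -dates

rem The .server.key file is not password protected: drop inherited
rem permissions and leave read access for the current user only.
icacls "%KEY%" /inheritance:r /grant:r "%USERNAME%:R"
endlocal
```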
