Combining Root CA certificate, Intermediate CA certificate, Leaf certificate and Private key in a single pfx identity file using the OpenSSL utility.
Article ID: KB0088666
Updated On:
| Products | Versions |
|---|---|
| TIBCO BusinessConnect | - |
| Not Applicable | - |
Description
Resolution:
Description :
=========
Follow the procedure outlined below after using OpenSSL to create a CSR (Certificate Signing Request), and having the CSR signed by the user's Certificate Authority.
Environment :
==========
All
Resolution:
=========
For this example, we will assume the following filenames:
- Root CA Cert File = root-ca.cer
- Intermediate CA Cert File = int-ca.cer
- Leaf Cert(Got signed from CA) = leaf.cer
- Private Key = key.pem
The steps used to combine these certificates are:
Step - 1: Create a new file (example: FullCA.cer) and paste the content of int-ca.cer at the top and root-ca.cer at bottom of the file. If the user has more than one intermediate CA they can paste them all in this file, keeping the root certificiate after the intermediate certificates(s).
Step - 2: Run the following OpenSSL command:
openssl pkcs12 -export -in leaf.cer -inkey key.pem -out FullIdentity.pfx -certfile FullCA.cer
This will create the file FullIdentity.pfx, which contains the whole identity including the complete certificate chain.
The FullIdentity.pfx file can be directly loaded into any application (such as TIBCO BusinessConnect) because it now contains the complete certificate chain.
References:
The OpenSSl utility can be downloaded from http://www.openssl.org
Description :
=========
Follow the procedure outlined below after using OpenSSL to create a CSR (Certificate Signing Request), and having the CSR signed by the user's Certificate Authority.
Environment :
==========
All
Resolution:
=========
For this example, we will assume the following filenames:
- Root CA Cert File = root-ca.cer
- Intermediate CA Cert File = int-ca.cer
- Leaf Cert(Got signed from CA) = leaf.cer
- Private Key = key.pem
The steps used to combine these certificates are:
Step - 1: Create a new file (example: FullCA.cer) and paste the content of int-ca.cer at the top and root-ca.cer at bottom of the file. If the user has more than one intermediate CA they can paste them all in this file, keeping the root certificiate after the intermediate certificates(s).
Step - 2: Run the following OpenSSL command:
openssl pkcs12 -export -in leaf.cer -inkey key.pem -out FullIdentity.pfx -certfile FullCA.cer
This will create the file FullIdentity.pfx, which contains the whole identity including the complete certificate chain.
The FullIdentity.pfx file can be directly loaded into any application (such as TIBCO BusinessConnect) because it now contains the complete certificate chain.
References:
The OpenSSl utility can be downloaded from http://www.openssl.org
Issue/Introduction
Combining Root CA certificate, Intermediate CA certificate, Leaf certificate and Private key in a single pfx identity file using the OpenSSL utility.
Feedback
Yes
No
Powered by
