Cert must be encoded in pem (ASCII format) with .crt extension on file, cert file must not contain private key.
Certs cannot be in der (binary format)
Key file must be in .key format and must match with cert file (same modulus).Regardless of file extension (.cer,.pem,.crt) a cert encoded in pem format will appear as such
A der encoded cert regardless of file extension will look like this
1.)You have a .pem file that contains the private key.
To use this file you must remove the private key and save the cert in the .crt format, key file will be saved as .key.
Strip the key file from cert
. open the .pem file in a text editor (preferably notepad++)
. next cut all lines related to the private key
. Paste into new file and save in .key format
Cert file Should now look like this
.Save the cert file in as a .crt file
Now upload both files to sd-wan via the gui
2.) you have a der encoded .crt file
.First you need to convert the cer to pem format with below openssl cmd
openssl x509 -in cert.crt -inform der -outform pem -out cert.crt
openssl x509 -in sd-wan.crt -inform der -outform pem -out article.crt
.Find your private key and save to file as .key (make sure key file is not in binary format and that modulus matches cert)
. Last upload both files to sd wan via gui
Note–all cert files/examples are from internal lab enviroment