How to Convert PFX Certificate to PEM Format for Use with NetScaler

Complete one of the following procedure to convert PFX certificate to PEM format for use with NetScaler:

NetScaler Wizard

Complete the following procedure to convert a PFX certificate to PEM format using NetScaler Wizard:

  1. Navigate to Traffic Management, Select the SSL node.

  2. Click the Import PKCS#12 link.

    User-added image

  3. Specify a file name you want for the PEM certificate in the Output File Name field.

  4. Click Browse and select the PFX certificate that you want to convert to PEM format. Some users prefer to upload the certificate to /ncsonfig/SSL directory and use it from there. If PFX certificate is stored on NetScaler then choose option Appliance and if it stored on your workstation then use Local.

    User-added image

  5. Specify the Import Password.

  6. Click OK.

    User-added image

  7. If the file is encoded, then select DES or 3DES as the Encoding Format:

    User-added image

  8. Specify the PEM Passphrase and the Verify PEM Passphrase.

  9. Click the Manage Certificates / Keys / CSRs link to view the converted PEM certificate files.

    User-added image

  10. You can view the uploaded PFX file with the converted PEM file.

    User-added image

  11. Expand the SSL node.

  12. Select the Certificates node.

  13. Click Install.

  14. Specify a Certificate-Key Pair Name in the Install Certificate wizard.

  15. Browse to the PEM file for both the Certificate File Name and Private Key File Name.

  16. Specify the Password.

  17. Click Install.

    User-added image

  18. Bind the certificate key pair to an SSL load balancing virtual server or NetScaler Gateway virtual server.

OpenSSL Utility

If you have requested and installed a certificate onto a Windows server using the Internet Information Service (IIS) certificate wizard, you can export that certificate with its private key to a Personal Information Exchange (PFX) file. To import this certificate onto the NetScaler Gateway, you must convert the PFX file to unencrypted PEM format.

You can use the open source utility OpenSSL to perform the conversion from PFX to PEM. Download a Win32 distribution of OpenSSL from Win32 OpenSSL.

You might also need C++ redistributable files if you want to use OpenSSL. Download this from Microsoft Visual C++ 2008 Redistributable Package (x86).

To convert a PFX file to a PEM file, complete the following steps on a Windows machine:

  1. Download and install the Win32 OpenSSL package from Win32 OpenSSL.

  2. Create a folder c:certs and copy the file yourcert.pfx into the c:certs folder.

  3. Open command prompt and change into the OpenSSLbin directory:

    cd %homedrive%OpenSSLbin

  4. Run the following command to convert the PFX file to an unencrypted PEM file (all in one line):

    openssl pkcs12 -in c:certsyourcert.pfx -out c:certscag.pem –nodes

    User-added image

  5. When prompted for the import password, enter the password you used when exporting the certificate to a PFX file. You should receive a message that says MAC verified OK.

    User-added image

  6. Point a browser to the NetScaler Gateway administration portal or HTTPS port 9001: https://netscaler-gateway-server:9001.

  7. Log on as root. The default password is rootadmin.

  8. Click the Maintenance link at the top of the page.

  9. Click the Browse button next to the Upload Private Key+Certificate (.pem) field. Browse to the c:certscag.pem file and click Upload.

  10. Restart NetScaler Gateway for the new SSL certificate to be applied.


  • No Related Posts

Leave a Reply