...
CER, PEM (.cer, .pem)
Code Block language text openssl pkcs12 -export -out {path_to_created_keystore_file} -in {certificate_file_path} -inkey {key_file_path} -name {certificate_alias} -noiter -nomaciter
Code Block language powershell title Windows example openssl pkcs12 -export -out C:\MyDirectory\keystore.p12 -in C:\MyDirectory\certificate.cer -inkey C:\MyDirectory\certificate.key -name xflicstat -noiter -nomaciter
Code Block language bash title Linux example openssl pkcs12 -export -out /home/mydirectory/keystore.p12 -in /home/mydirectory/certificate.cer -inkey /home/mydirectory/certificate.key -name xflicstat -noiter -nomaciter
DER (.der)
Code Block language text 1. Create intermediate .pem file from .der file: openssl x509 -inform der -in {certificate_file_path} -out {created_pem_file} 2. Create keystore from intermediate .pem file openssl pkcs12 -export -out {path_to_created_keystore_file} -in {created_pem_file} -inkey {key_file_path} -name {certificate_alias} -noiter -nomaciter described in first "CER, PEM (.cer, .pem)" bullet point.
Code Block language powershell title Windows example openssl x509 -inform der -in C:\MyDirectory\certificate.der -out C:\MyDirectory\intermediate.pem openssl pkcs12 -export -out C:\MyDirectory\keystore.p12 -in C:\MyDirectory\intermediate.pem -inkey C:\MyDirectory\certificate.key -name xflicstat -noiter -nomaciter
Code Block language bash title Linux example openssl x509 -inform der -in /home/mydirectory/certificate.der -out /home/mydirectory/intermediate.pem openssl pkcs12 -export -out /home/mydirectory/keystore.p12 -in /home/mydirectory/intermediate.pem -inkey /home/mydirectory/certificate.key -name xflicstat -noiter -nomaciter
P7B (.p7b)
Code Block language text 1. Create intermediate .cer file from .p7b file openssl pkcs7 -print_certs -in {certificate_file_path} -out {intermediate_cer_file} 2. Create keystore from intermediate .cer file openssl pkcs12 -export -out {path_to_created_keystore_file} -in {intermediate_cer_file} -inkey {key_file_path} -name {certificate_alias} -noiter -nomaciter described in first "CER, PEM (.cer, .pem)" bullet point.
Code Block language powershell title Windows example openssl pkcs7 -print_certs -in C:\MyDirectory\certificate.p7b -out C:\MyDirectory\intermediate.cer openssl pkcs12 -export -out C:\MyDirectory\keystore.p12 -in C:\MyDirectory\intermediate.cer -inkey C:\MyDirectory\certificate.key -name xflicstat -noiter -nomaciter
Code Block language bash title Linux example openssl pkcs7 -print_certs -in /home/mydirectory/certificate.p7b -out /home/mydirectory/intermediate.cer openssl pkcs12 -export -out /home/mydirectory/keystore.p12 -in /home/mydirectory/intermediate.cer -inkey /home/mydirectory/certificate.key -name xflicstat -noiter -nomaciter
Remarks:
- In every case you will be prompted for password. This password should be put under SSL_KEYSTORE_PASSWORD in xflicstat.cfg
- {path_to_created_keystore_file} should be the path that you put under SSL_KEYSTORE key in xflicstat.cfg
- {certificate_alias} should be the name that you put under SSL_KEYSTORE_KEY_ALIAS key in xflicstat.cfg
- If you are migrating from 5.x settings then {certificate_file_path} is path to previously used certificate, defined as SSL_CERTIFICATE_FILE in old xflicstat.cfg
- If you are migrating from 5.x settings then {key_file_path} is path to previously used certificate key, defined as SSL_CERTIFICATE_KEY_FILE in old xflicstat.cfg
On windows you can sometimes get "openssl unable to write 'random state'" error. It happens because openssl could not access C:\.rnd file. You can either gain acces to it, or change value of RANDFILE - it is environmental variable that stores path to .rnd file. RANDFILE should contain path to file that you have access to. If you are using powershell it can be changed with:
Code Block language powershell $env:RANDFILE="C:\directory_i_own\.rnd"
...