If I misunderstood your post, my apologies. There is a command to do that in openssl: openssl x509 -inform der -in certificate.crt -out certificate.pem. If postgres restarted successfully, the new certificate was accepted. If I am reading your post correctly, I do not believe you can just take a crt file and change its extension to pem and have that work. On versions prior to 6.5.0, use the following command: Restart the database service to load the newly added SSL Certificate. Openssl rsa -in /home/friend/ -out /home/friend/Ĭp /var/lib/pgsql/current/data/server.crt /var/lib/pgsql/current/data/Ĭp /var/lib/pgsql/current/data/server.key /var/lib/pgsql/current/data/Ĭp /home/friend/ /var/lib/pgsql/current/data/server.crtĬp /home/friend/ /var/lib/pgsql/current/data/server.keyĬhown postgres:postgres /var/lib/pgsql/current/data/server.crtĬhmod 400 /var/lib/pgsql/current/data/server.crtĬhown postgres:postgres /var/lib/pgsql/current/data/server.keyĬhmod 400 /var/lib/pgsql/current/data/server.keyĩ. Openssl pkcs12 -in /home/friend/YOURCERTNAME.pfx -nocerts -nodes -out /home/friend/ Openssl pkcs12 -in /home/friend/YOURCERTNAME.pfx -clcerts -nokeys -out /home/friend/ If AWS, it would be ec2-user rather than friend (you'll need to replace friend with ec2-user for the below commands as well). WinSCP the pfx file to /home/friend/ on the DB as friend user. Check that your browser shows the correct certificate.ġ. If httpd restarted successfully after the cert was replaced, the Stratusphere WebUI should be accessible. On versions 6.5.0 and higher, use the following command: On versions 6.1.3, 6.1.4, use the following command:
On versions up to 6.1.1, use the following command: Restart the Web Server to load the newly added SSL Certificate. You should copy necessary snippets together with BEGIN / END.
Update ownership, permissions, security context:ĩ. After converting PFX to PEM you will need to open the resulting file in a text editor and save each certificate and private key to a text file - for example, cert.cer, CACert.cer and private.key. Openssl rsa -in /home/friend/ -out /home/friend/Ĭp /etc/lwl/ssl/ssl.crt /etc/lwl/ssl/Ĭp /etc/lwl/ssl/ssl.key /etc/lwl/ssl/Ĭp /home/friend/ /etc/lwl/ssl/ssl.crtĬp /home/friend/ /etc/lwl/ssl/ssl.keyĨ. Remove the passphrase from the private key (if needed): Openssl pkcs12 -in /home/friend/YOURCERTNAME.pfx -nocerts -nodes -out /home/friend/ĥ. Export the private key file from the pfx file: Openssl pkcs12 -in /home/friend/YOURCERTNAME.pfx -clcerts -nokeys -out /home/friend/Ĥ. Export the certificate file from the pfx file by running this command in putty (replace YOURCERTNAME): Putty in as friend user and run sudo bash to change to root user.ģ. If AWS, it would be ec2-user rather than friend (you'll need to replace friend with ec2-user for the below commands as well).Ģ. WinSCP the pfx file to /home/friend/ on the hub or collector as friend user. Your security team created the certificate without using the CSR or may have given you the certificate in PFX format.ġ.
D:\Certificate>openssl pkcs12 -in test.p12 -out test.The main document for replacing SSL certificates ( linked here) shows you how to create a CSR and private key from within the Stratusphere appliance and then request a matching base64/PEM format certificate using that CSR.
To do that, run the below command and enter Import Password set while exporting the certificate from the browser. You will be asked to set new PEM pass phrase to protect the converted file. pem that contains both the certificate & private key. Now, your certificate file is and private key is. openssl pkcs12 -in test.p12 -out -nocerts -nodes Step 7: Create certificate private key using the below OpenSSL command and enter the Import Password set while exporting the certificate from the browser. openssl pkcs12 -in test.p12 -out -clcerts -nokeys Step 6: Create certificate file using the below OpenSSL command and enter the Import Password set while exporting the certificate from the browser. Step 5: Switch to the directory created in step 2. Step 4: Launch command prompt via Run > cmd p12 certificate file into the folder created in step 2. Step 2: Now create a folder to store converted certificate files.
In some versions of Windows, you might have to install Visual C++ redistributable files.