Mobility Suite SSL Certificate Creation
HOWTO106999
Last Updated November 30, 2015
readonly
This document explains how to extract the certificate file, private key, and certificate bundle through openssl on the Linux Terminal in the format that Mobility Suite requires during the configurator stage of On-Premise installation. The below steps include example certificate names like 'sslcert.pfx' and passwords like 'P@ssw0rd' which will need to be modified in accordance with the .pfx file used.
1. From the Terminal, change to the directory that contains the .pfx file to be used for extraction.
Extract the certificate file from the .pfx file.
2. Type
openssl pkcs12 –in sslcert.pfx –out 1.\ SSL\ Certificate\ File -nodes –nokeys –clcerts and press
<enter>.
3. Type
P@ssw0rd and press
<enter> when prompted for the password of the .pfx file if one exists.
The certificate file should now be extracted from the .pfx file and named "1. SSL Certificate File" which matches the Configurator's terminology.
Extract the private key from the .pfx file.
4. Type
openssl pkcs12 –in sslcert.pfx –out 2.\ SSL\ Key\ File –nodes –nocerts and press
<enter>.
5. Type
P@ssw0rd and press
<enter> when prompted for the password
The private key should now be extracted from the .pfx file and named "2. SSL Key File" which also matches the Configurator's terminology.
Extract the certificate bundle from the .pfx file.
7. Type
openssl pkcs12 –in sslcert.pfx –out 3.\ SSL\ CA\ Certificate\ Bundle –nodes –nokeys -cacerts and press
<enter>.
8. Type
P@ssw0rd and press
<enter> when prompted for the password
The certificate bundle should now be extracted from the .pfx file and named "3. CA Certificate Bundle" which matches the Configurator's terminology as well.
9. Type
ls -hal and press
<enter>.
The "
1. SSL Certificate File", "
2. SSL Key File", and "
3. CA Certificate Bundle" should be displayed the output of the '
ls -hal' command. These files can now be uploaded into the Configurator. Please note that these files can also be named, "
sign.crt", "
sign.key", and "
gd_bundle.crt" in accordance with the naming convention that Mobility Suite saves these files as once installed.
Necessary Step for 5.3.1+ versions of Mobility Suite:
10. Add the "
3. CA Certificate Bundle" to the "
1. SSL Certificate File" (Nginx requires the intermediate certificate to be part of the signed SSL certificate in a bundle.) by using the following command from the directory that contain both files:
cat 3.\ SSL\ CA\ Certificate\ Bundle >> 1.\ SSL\ Certificate\ File
cat 3.\ SSL\ CA\ Certificate\ Bundle >> 1.\ SSL\ Certificate\ File
A script which performs these steps (except step 10) automatically has been attached to this article. The script will need to be placed in the same directory as the .pfx file. The script's permissions may need to be modified before it can be run after it has been uncompressed. In order to uncompress, qualify the script for use, and execute it the following commands need to be run from the Terminal in the directory where the script is located:
# yum -y install unzip
# unzip ExtractSSLCert.sh.zip -d ~
# cd ~
# chmod a+x ExtractSSLCert.sh
# ./ExtractSSLCert.sh
Imported Document ID: HOWTO106999
This script performs the tasks listed in this article. If used, it needs to be placed into the same directory as the .pfx file. The .pfx file name will need to be input as well as the certificate password.
ExtractSSLCert.sh.zip
Subscribing will provide email updates when this Article is updated. Login is required.
TECH212181
Invalid SSL file type when uploading certificates to the App Center configurator
Last Updated August 13, 2015
Subscribed to the Article.
Unable to subscribe
Thanks for your additional feedback !!!
Enterprise Support Virtual Agent
Rate Me :
Tell us more:
Welcome! My name is Sami, the Enterprise Support Virtual Agent answering technical support questions.
Start Over
This will clear the history and restart the chat.
Thanks for your feedback. Let us know if you have additional comments below. (requires login)