Problem Description
The Buttonwood Automate virtual appliance is deployed with a self-signed certificate. Organisation admins may choose to replace the self-signed certificate with one which is signed by their own certificate authority (CA).
When importing the signed certificate to the appliance, the certificate and its private key is required. In Windows environments, the signed certificate and private key is exported in a password protected pfx file. The certificate and private key needs to be extracted from the pfx file.
Cause
N/A
Resolution
The certificate and private key can be extracted from a pfx file using an open source tool such as OpenSSL. Most Linux-based operating systems come with OpenSSL pre-installed, and binaries are available for Windows. Refer to the OpenSSL website and wiki for details.
The following example extracts the certificate from the pfx file:
openssl pkcs12 -in signed-cert.pfx -clcerts -nokeys -out signed-cert.crt
The following example extracts the key from the pfx file into an encrypted format:
openssl pkcs12 -in signed-cert.pfx -nocerts -out signed-cert.encrypted.key
The following example decrypts the extracted key:
openssl rsa -in signed-cert.encrypted.key -out signed-cert.key
The content of the certificate and unencrypted key file can now be imported into the virtual appliance. Refer to the article Managing HTTPS Certificates for detailed steps.
Note: Ensure the unencrypted key file is discarded once the import is complete.