Then you can configure HAProxy to use the file.
The 2nd step prompts you for that plus also to make up a passphrase for the key.
here is how to do it so that the resulting single file contains the decrypted private key so that something like HAProxy can use it without prompting you for passphrase. This will add the Issuer certificate and list of trusted authorities on the client side, and one would be able to connect over SSL with a certificate from an organization certification authority.Another perspective for doing it on Linux. Convert from PFX Format to PEM Format for SSL certifcates imported from IIS Using the certificate snap-in, find Issuers certificate from the certificates. Paste the content of the exported certificate, which is attached to the certificates list. This file contains certificates of common trusted authorities. On the client side, under C:\Program Files\Parallels\Client\, the file trusted.pem should be visible.Open the exported certificate with a word processor and copy the contents to the clipboard.Specify the filename you'd like to export, and save the certificate. Then choose a Base-64 encoded X.509 (.CER) format. Right-click on the Issuer certificate, select All Tasks > Export.Ĭhoose No and do not export the private key, as only the certificate is necessary. Using the certificate snap-in, find Issuer's certificate from the certificates console. The Issuer refers to the authority that issued the certificate. It's therefore necessary to extract the certificate from the certificate authority and assign it to Parallels Remote Application Server clients. If the Issuer is not a trusted authority, an additional step is necessary, as Parallels clients do not trust and are unaware of the Issuer Certificate authority. Note that your browser may not support the display of this image. On the Parallels Client Gateway page, enable Secure Sockets Layering (SSL) and click " …" to browse for the PEM file. You should then receive a message that says" When prompted for the import password, enter the password you used when exporting the certificate to a PFX file.Type the following command to convert the PFX file to an unencrypted PEM file: openssl pkcs12 -in c:\certs\cert.pfx -out c:\certs\cert.pem -nodes Open a command prompt, and move to the GnuWin32\bin directory, using: cd %ProgramFiles%\GnuWin32\bin
To convert a PFX file to a PEM file, follow these steps on a Windows machine:ĭownload and install the Win32 OpenSSL package, using the link above.Ĭreate a folder c:\certs and copy the file cert.pfx (the created PFX file) into the c:\certs folder. A downloadable Win32 distribution of OpenSSL is available here: Use the open-source utility OpenSSL to perform the conversion from PFX to PEM.
To use this certificate with a Parallels Client Gateway, one must convert the PFX file to the un-encrypted PEM format.