Posted by: Om | December 17, 2008

Transfer SSL Certs from iplanet to Apache/IIS/Firewall/Loadbalancers CISCO/Juniper…

For Solaris : Set the LD_LIBRARY_PATH to iplanet6.1/bin/https/lib

 

Converting “database” files to “PKCS12″ format:

  1. Copy the two database files to a temporary directory. Make sure certutil and pk12util are in your path.
  2. Create links from the original database files to files called key3.database and cert7.database by issuing the following commands:
    ln -s https-secure.example.com-secure-key3.database key3.db
    ln -s https-secure.example.com-secure-cert7.database cert7.db
    Place the links in the same directory as the original files.
  3. Use the certutil command from the directory containing the database files to determine the certificate name with the following command
    certutil -K -d .
  4. You are prompted for the password for the certificate. After typing the password, you will see output similar to the following:
    <0> Server-Cert
    Note    : In this example, the certificate name is Server-Cert. You must know this when converting the database files to a single PKCS12 file.
  5. Based on the name discovered above, use pk12util to convert the database files with the following command:
    pk12util -d . -o output_file -n Server-Cert
  6. You are prompted to create a password for the PKCS12 output_file. You are also prompted for the password for the key3.database file. Output_file is now in PKCS12 format. Use Open_ssl to convert this file to PEM format.

Converting PKCS12 format to PEM format:

Using the OpenSSL utility, the output_file is the PKCS12 file created from the PKCS12 utility discussed above.

  1. Issue the following command:
    pkcs12 -in c:\temp\output_file -out c:\temp\output_file.pem
  2. Again, you are prompted for two passwords. The first password is the import password. This is the password created previously for output_file. The next password is the PEM pass phrase. This is a new password you’re creating for the private key inside the newly created output_file.pem file.
  3. The output_file.pem contains both the private key and the certificate. They must be copied from this file and put in individual files. Create two files called key.pem and cert.pem.
  4. Open the output_file.pem with an editor (for example, Notepad), copy the certificate and paste it into the cert.pem file. Copy everything from “—–BEGIN CERTIFICATE—–“ to “—–END CERTIFICATE—–“
  5. Do the same for the private key—copy everything from “—–BEGIN RSA PRIVATE KEY—–“ to “—–END RSA PRIVATE KEY—–“ and paste it into the key.pem file. The key.pem file and cert.pem file can now be imported directly into the NetScaler.

Posted in Uncategorized

«
»

Leave a response






Your response:

Categories