How to convert the pfx(pkcs12) certificate to PEM format for enabling the HTTPS TIBCO domain.

Bytechieswiki

  APR 21, 2018  Administrator, Domain, HTTPS, TIBCO

To enable the HTTPS domain domainutility required the PEM format certificate. But, some users get the pfx certificate from the third party. Also sometime faces the below error while trying to enable the https domain.

com.tibco.security.AXSecurityException: No certificates encoded in supported ways were found
Caused by: com.tbco.security.AXSecurityException: java.security.cert.CertificateException: Error in parsing certificate: java.lang.String incompatible with java.math.BigInteger

Use the below steps to convert the certificate in PEM format.

Step 1: Obtaining the embedded private key in PEM format

openssl pkcs12 -in "cep test ssl private key.pfx" -nocerts -out key.pem -nodes

Step 2: Converting PEM key into a PKCS#8 key and name it “key.p8”

Uses the private key obtained in step 1 above and converts it to PKCS#8 format.

openssl pkcs12 -topk8 -inform PEM -outform PEM -in key.pem -out key.p8.

Step 3: Extract Server certificate , Obtaining the embedded certificate without any keys

openssl pkcs12 -in "cep test ssl private key.pfx"  -clcerts -nokeys -out Server_cert.cer.

Step 4: Extract CA Chain certificates

openssl pkcs12 -in "cep test ssl private key.pfx"  -cacerts -nokeys -out cacerts.cer.

Step 5: Export the certificate

openssl pkcs12 -in "cep test ssl private key.pfx" -nokeys -out cert.pem

Place this all files in the SSL directory present under <TIBCO_HOME>/administrator/domain/<DOMAIN_NAME>/

Now you can use the DomainUtility to install the certificate for your domain. Visit Enabling HTTPS using DomianUtility if you are not sure on how to do it.