Forum Discussion

wixxyl_98682
Nimbostratus
Jul 16, 2013

Importing Cert from Brocade ADX

Dev,

I have a situation where I'm unsure what's going on, and wanted to get some clarification. I currently have a Brocade ADX hosting a website doing SSL termination at the ADX. The plan is to migrate the cert from the ADX to the BIG-IP (6900 running 11.2) and use the current cert. I've not done this before, and I'm running into issues. I'm trying to import the key, and I'm able to get the key in with no issues. When I import the certificate, it comes in as a bundled cert, with the InCommon cert included in the certificate I download from the ADX. When I build the profile, it gives me an error saying the key doesn't match the cert, and won't let me continue forward. Any ideas, or how to move forward? My go live is the 25th so any help is greatly appreciated. I've also opened a support case, so maybe I can get some assistance there as well. Thanks in advance!

 

5 Replies

  • If both of these (key and cert) are in Base64 PEM format, open up the cert file in a text editor and strip out everything but the one certificate. Otherwise you'll need to convert to PEM format and do the same.
  • How can I tell if these are in PEM, and how can I tell which one is the correct cert? Sorry, I know this is kind of a newbie question, but I am still very new at SSL...
  • How can I tell if these are in PEM, and how can I tell which one is the correct cert?

    SSL Converter (PEM Format topic)
    https://www.sslshopper.com/ssl-converter.html

    Certificate Decoder
    http://www.sslshopper.com/certificate-decoder.html

    Hope this helps.

     

  • The fact that you had the private key separately probably means that the multiple certificates are either in PEM (base64) or DER (binary) format. Open it up in a text editor, or 'cat' it from the command line. If you see a bunch of characters that start and end with "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----", then it's in PEM format. If there are multiple certs in the file then you'll see them clearly delimited by these "headers". You'll need to open the file in a text editor or vi and separate them into individual files. Now that you have separate certificates, you can generally open them up in Windows with the CryptoAPI utility, or from the Linux shell with OpenSSL to see what they are:

    openssl x509 -in [path to cert] -noout -subject

     

  • Almost forgot. If you open the certificate in a text editor and you see a bunch of non-text gobbledygook, then it's probably in DER format. Here's how to convert it to PEM with OpenSSL:

    openssl x509 -in [path to cert] -inform DER -outform PEM -out [path to new file]

    You can also do this to verify if it's in DER format:

    openssl x509 -in [path to cert] -inform DER -noout -subject
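
The steps discussed in this thread (identify the format, split the bundle, find the certificate that pairs with the key) can be scripted as below. This is an added example, not code from any poster in the thread; the function names and the `cert-N.pem` output names are hypothetical, and it assumes an unencrypted private key and an OpenSSL build that has the `pkey` command.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Needs the openssl CLI.

# Print PEM, DER or unknown for a certificate file.
cert_format() {
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$1"; then echo PEM
    elif openssl x509 -in "$1" -inform DER -noout 2>/dev/null; then echo DER
    else echo unknown
    fi
}

# Write each certificate in a PEM bundle to OUTDIR/cert-N.pem, in file order.
split_bundle() {
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem" }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
    ' "$1"
}

# Print the cert-N.pem whose public key equals the private key's public key.
# Assumes an unencrypted key; exit 1 = no match, 2 = key unreadable.
find_matching_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    for c in "$2"/cert-*.pem; do
        [ -f "$c" ] || continue
        cert_pub=$(openssl x509 -in "$c" -noout -pubkey 2>/dev/null) || continue
        if [ "$cert_pub" = "$key_pub" ]; then
            echo "$c"; openssl x509 -in "$c" -noout -subject -issuer >&2
            return 0
        fi
    done
    return 1
}

# Constructed sample input: two throwaway self-signed certs, "CA" listed first.
make_demo() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=site.example" \
        -keyout "$1/site.key" -out "$1/site.crt" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
    cat "$1/ca.crt" "$1/site.crt" > "$1/bundle.pem"
}
```

Comparing public keys rather than subject names works regardless of the order the certificates appear in the bundle, which is why the constructed sample puts the non-matching certificate first.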