- About This Guide
- Generating a Certificate Signing Request
- Server Certificate Requirements for Unified Communications
- Using ACME on Expressway-E
- View the Currently Uploaded Certificate
- Loading Certificates and Keys Onto Expressway
- Manage Certificate Revocation Lists (CRLs)
- Troubleshooting
- Generate Certificate Using OpenSSL Only
- Convert a DER Certificate File to PEM Format
- Decode Certificates
- Enable AD CS to Issue Client and Server Certificates
- Authorize a Request and Generate a Certificate Using Microsoft Certification Authority
Convert a DER Certificate File to PEM Format
A private key, root (CA) certificate and the server / client certificate can be generated using third-party tools (or purchased from a certificate authority), and may be generated as PEM (required format, extension .pem) or DER (extension .cer) format files.
Certificates must be in PEM format for use on the Expressway. Conversion from DER to PEM format is done either using OpenSSL or Windows, as documented in the following sections.
Convert a DER certificate file to a PEM file using OpenSSL
To convert from DER to PEM format, on a system running openssl, execute the command:
openssl x509 -in <filename>.cer -inform DER -out <filename>.pem -outform PEM
Convert a DER certificate file to a PEM file using Microsoft Windows
To convert from DER to PEM format using Microsoft Windows:
-
Double click the DER file to convert (this will likely have a ‘.cer’ extension)
-
Select the Details tab
-
Click Copy to File…
-
On the Welcome page, click Next
-
Select Base-64 encoded X.509 (.CER) and click Next
-
Click Browse and select required destination for file (e.g. server.pem) and then click Next
-
Click Finish
-
Change the filename from server.pem.cer to server.pem
-
This is used in the Load Certificates and Keys Onto Expressway section of this document.
Feedback