Most Certificate Authorities (CAs) issue certificates in PEM format. PEM certificates typically have extensions like .pem, .crt, .cer, and .key.
The PEM format uses the header and footer lines
-----BEGIN CERTIFICATE----- and
Other certificate formats include the DER/Binary, P7B/PKCS#7, and PFX/PKCS#12 formats. The AeroFS Appliance requires a certificate in PEM format in step 9 of theappliance setup. This certificate will be used to ensure secure transactions between your appliance and users’ web browsers.
Converting Your Existing Certificate To PEM Format
If your certificate is not in PEM format, you can convert it to the PEM format using the following OpenSSL commands:
Convert DER to PEM
openssl x509 -inform der -in certificate.cer -out certificate.pem
Convert P7B to PEM
openssl pkcs7 -print_certs -in certificate.p7b -out certificate.pem
Convert PFX to PEM
openssl pkcs12 -in certificate.pfx -out certificate.pem -nodes
Alternatively, you can use this SSL converter tool.
Removing Passphrase From Existing Private Key File
If you try to upload a passphrase-protected private key file, you will get a “key is invalid” error message. To fix this you will need to remove the passphrase from your private key file and upload the passphrase-free private key file to your appliance. You can remove the passphrase as follows:
openssl rsa -in example.key -out example.nocrypt.key
2. Enter your passphrase.