Using OpenSSL to merge a certificate and key from your F5

Just a quick one: I had to do this the other day with our certificate. I know that you can do this on the F5 through an SSH connection, but I decided to use the copy of OpenSSL I had installed on my Windows desktop.

After a few moments of bashing my head against the proverbial brick wall, I found that this was the way to do it.

For those interested, I was doing this so that I could import our wildcard certificate into my Citrix Gateway, as the versions that I could download from Verisign were not compatible and gave an error on import. In fact, I will try to get a post up about that.

If you follow these steps you should end up with a cert that includes the private key and will work in Citrix, or VMware View for that matter.

  1. On the F5, export the certificate file and key file. Copy them somewhere you can find them. I actually put mine in the OpenSSL folder. That way I didn’t have to worry about typing paths! Yes, I am that lazy!!
  2. Open a command prompt and start OpenSSL.
  3. Type the following: pkcs12 -export -in .crt -inkey .key -out .p12
  4. You will see a message saying “loading ‘screen’ into random state – done”.
  5. It will then prompt for a password to allow the private key to be exported. This is important for applications like the Citrix Secure Gateway.
  6. You will then see a message saying “Verifying – Enter export password:”, so go ahead and confirm your password.

And that is it. Pretty straightforward when you know how, and you will have a nice new certificate with a private key that can be exported.
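The same merge as a scripted check, added here as an example and not part of the original post: it confirms that the exported key actually belongs to the certificate before building the .p12, then confirms the bundle contains both. It assumes a POSIX shell with `openssl` on the PATH rather than the interactive OpenSSL prompt; the file names, the `P12_PASS` environment variable and the throwaway self-signed certificate are constructed for illustration.

```shell
#!/bin/sh
# Added example: all file names and the sample certificate are constructed.
# The export password is read from the P12_PASS environment variable (an
# assumed name) so that it never appears on the command line.

# Create a throwaway key and self-signed cert standing in for the F5 export.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=*.example.test" \
        -keyout "$1/wildcard.key" -out "$1/wildcard.crt" 2>/dev/null
}

# Succeeds only if the certificate and the private key share one public key.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Merge cert + key into a PKCS#12 file, refusing a mismatched pair.
merge_to_p12() {
    if ! key_matches_cert "$1" "$2"; then
        echo "private key does not match certificate" >&2
        return 1
    fi
    # umask 077: the bundle holds the private key, so keep it owner-only.
    ( umask 077
      openssl pkcs12 -export -in "$1" -inkey "$2" -out "$3" \
          -passout "env:P12_PASS" )
}

# Succeeds only if the bundle opens with the password and holds both parts.
p12_is_complete() {
    openssl pkcs12 -in "$1" -passin "env:P12_PASS" -nokeys 2>/dev/null \
        | openssl x509 -noout 2>/dev/null || return 1
    openssl pkcs12 -in "$1" -passin "env:P12_PASS" -nocerts -nodes 2>/dev/null \
        | openssl pkey -noout 2>/dev/null
}

# Usage (constructed names):
#   export P12_PASS='choose-an-export-password'
#   merge_to_p12 wildcard.crt wildcard.key wildcard.p12 && p12_is_complete wildcard.p12
```

Once the import into the gateway has succeeded, delete any stray copies of the .key and .p12 files, since both contain the private key.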