SSL Error

Hi,
i have a p7b and server certificate file to be imported but server is only accepting pem or pkcs#12.

i tried converting p7b to basex64 X.509 and imported it.but it gives certificate chain is broken error.any clue what might have happened?.

i even tried to remove the extra line at the end of the certificate.

certificate was received in email from external sources.

thanks in advance for help
Rajesh KondaveetiMiddleware ConsultantAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

btanExec ConsultantCommented:
try this ssl convertor so far it is alright with p7b to pem (pub/private key) or pfx/p12 (private key)
https://www.sslshopper.com/ssl-converter.html

also cert bundle (cert trust chain) and root ca need to be imported otherwise you see the ssl error.

if you doing it manually (which I suggested not toavoid mistake like spaces in the creation etc) to create pem with the entire SSL cert trust chain. then do append the key as below and save the combined file as your_domain_name.pem to be imported again.

(1) - for public keys and trust cert chain and rootca
-----BEGIN CERTIFICATE-----
(Replace with Base64 of your Primary SSL certificate: your_domain_name.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Replace with Base64 of your lowest Intermediate certificate: IntermediateCA1.crt)
-----END CERTIFICATE-----
(Replace with Base64 of your highest Intermediate certificate: IntermediateCAn.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Replace with Base64 of your Root certificate: RootCA.crt)
-----END CERTIFICATE-----
(2) for private key and cert chain trust and rootca
-----BEGIN RSA PRIVATE KEY-----
(Your Private Key: your_domain_name.key)
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
(Replace with Base64 of your Primary SSL certificate: your_domain_name.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Replace with Base64 of your lowest Intermediate certificate: IntermediateCA1.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Replace with Base64 of your higher Intermediate certificate: IntermediateCAn.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Replace with Base64 of your Root certificate: RootCA.crt)
-----END CERTIFICATE-----
arnoldCommented:
openssl is the tool to use to convert the p7b to pfx.

The certificate was exported from what system??
At time the source is

What is the importing system ?
Rajesh KondaveetiMiddleware ConsultantAuthor Commented:
@Arnold,
i have used openssl to convert and also used IE to convert the certs.the source was e-mail(i downloaded it from outlook client) from security team.

i imported the cert to local folder and using FTP i had to show the path of ftp location in the server.importing system is AIX(Cisco Share and Show it uses tomcat)

this has actually worked last time but dont know what went wrong.

@Btan:
will try your method.

thanks for both of ya!
arnoldCommented:
If I am not mistaken, the p7b is an export including certificate chains.

For an identity certificate, you only need the public certificate only.
The other issue is that your cert likely is password protected, meaning the password needs to be stripped first.

OpenSSL has commonly used conversion commands

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Rajesh KondaveetiMiddleware ConsultantAuthor Commented:
Thanks Arnold for the help. some how i remember we did not implement ssl as management felt the application was a low priority application after years of being used.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SSL / HTTPS

From novice to tech pro — start learning today.