You can check for applicable rules or instructions provided by the CA (if any) alongside the certificate.
Below are examples of certificate and certificate chain formats. Please confirm that the formats are correct before the uploading:
Certificate issued by a root CA: PEM format on Linux, as shown below:
Certificate rules:
Certificate chain from an intermediate CA:
——-BEGIN CERTIFICATE——-
——-END CERTIFICATE——-
——-BEGIN CERTIFICATE——-
——-END CERTIFICATE——-
——-BEGIN CERTIFICATE——-
——-END CERTIFICATE——-
Certificate chain rules:
Below is an example:
An RSA private key can include all private keys (RSA and DSA), public keys (RSA and DSA), and (x509) certificates. It stores data in Base64-encoded DER format and is wrapped by ASCII headers, making it suitable for transmission in text mode between systems.
RSA private key rules:
If your private key does not start with "——-BEGIN PRIVATE KEY——-" or end with "——-END PRIVATE KEY——-", you can convert it in the following way:
openssl rsa -in old_server_key.pem -out new_server_key.pem
You can then upload the new_server_key.pem
content together with the certificate.
Currently, CLB only supports certificates in PEM format. Certificates in other formats need to be converted to PEM format before they can be uploaded to CLB. We recommend you use OpenSSL to convert the format. The following shows how to convert several popular certificte formats to PEM.
DER format is generally used on Java platforms.
Certificate conversion: openssl x509 -inform der -in certificate.cer -out certificate.pem
Private key conversion: openssl rsa -inform DER -outform PEM -in privatekey.der -out privatekey.pem
P7B format is generally used on Windows Server and Tomcat.
Certificate conversion: openssl pkcs7 -print_certs -in incertificat.p7b -out outcertificate.cer
You need to get the content of "——-BEGIN CERTIFICATE——-" and "——-END CERTIFICATE——-" in outcertificat.cer
and upload it as certificate.
Private key conversion: Private keys can generally be exported on IIS servers.
PFX format is generally used on Windows Server.
Certificate conversion: openssl pkcs12 -in certname.pfx -nokeys -out cert.pem
Private key conversion: openssl pkcs12 -in certname.pfx -nocerts -out key.pem -nodes
You can convert certificates in CER/CRT formats to PEM by directly modifying their file extensions. For example, you can directly rename the "servertest.crt" certificate file to "servertest.pem".
Was this page helpful?