Installing an existing wildcard SSL certificate (.PFX)

Posted on 27th October 2016

If you have an existing UCC/SAN or wildcard certificate, this can be imported into Foldr.

In the case of a SAN certificate you will need to add the Foldr common name (appliance URL) to the list of Subject Alternative Names.  Wildcard certificates are usually available / exported from other existing servers in PFX format which is commonly used in Microsoft Windows Server environments.

PFX Certificate Installation

A certificate in PFX format contains both the signed certificate and private key, as such you must extract each as individual files so they are available to install into the Foldr appliance.

If using a Windows workstation install OpenSSL complete package from (Mac OS X has OpenSSL built in):

http://gnuwin32.sourceforge.net/packages/openssl.htm

Open an elevated command prompt and change directory to:

C:\Program Files\GnuWin32\bin (copy your PFX here also) and issue the following commands:

1.  Extract the private key from the PFX file (assuming your PFX is called publicAndprivate.pfx) and write it to a PEM file called (privateKey.pem)
openssl.exe pkcs12 -in publicAndprivate.pfx -nocerts -out privateKey.pem

  1. Extract the certificatefrom the PFX file (called publicCert.pem):

openssl.exe pkcs12 -in publicAndprivate.pfx -clcerts -nokeys -out publicCert.pem

  1. Remove the password from the private key file (writes a new file called private.pem):

openssl.exe rsa -in privateKey.pem -out private.pem

Both files that you create at steps 1 & 2 will be written to the bin directory.  Please note, it is vital that you remove the password from the private key otherwise the certificate installation will fail.

Now browse to https://IP_of_Foldr:30537/settings and log in as fadmin.  Browse to the Certificates page and open your certificate, decrypted (password removed) private key, root and intermediate certificates for your CA in a text editor and paste into the relevant boxes.  Click Save and your certificate will be installed after several seconds.

Need more help?

Get in touch with our friendly help desk who will be happy to assist you, [email protected]