For secure, trusted access you must install an SSL server certificate on ScaleArc. The uploaded certificate file must have the following characteristics:
- The server certificate must be issued by a Certification Authority (CA) that is trusted by end users.
- The certificate must be in Privacy Enhanced Mail (PEM) format, a text-based format that is a Base64 encoding of the binary Distinguished Encoding Rules (DER) format.
If you have requested and installed a certificate onto Windows Server certificate store, you can export that certificate with its private key to a Personal Information Exchange (PFX) file.
The certificate of the CA that is signed can be exported from the trusted location to a DER file.
To upload this certificate onto ScaleArc, you must convert the PFX file to the unencrypted PEM format.You can use the open-source utility OpenSSL to perform the conversion from PFX to PEM. Download a Win32 distribution of OpenSSL from Win32 OpenSSL.You might also need C++ re-distributable files if you want to use OpenSSL download from Microsoft Visual C++ 2008 Redistributable Package (x86).To convert a PFX file to a PEM file, complete the following steps on a Windows machine:
- Download and install the Win32 OpenSSL (Win32 OpenSSL v0.9.8i) package from Win32 OpenSSL.
- Take the files you exported (e.g. CertPriv.pfx, CA_cert.cer) and copy it to a system where you have OpenSSL installed. Note: the *.pfx file is in PKCS#12 format and includes both the certificate and the private key.
Run the command below to get the certificate out. Enter the password when prompted.
4. Run the command below to get the private key out. Enter the password when prompted.
5. Run the following command to convert the CA certificate (CA_cert.cer) which is in the DER format to PEM.
If there is a passphrase on the certifcate file that you would like to remove, execute the following command.
Note: If the conversion gives an error it may mean that the certificates are not in the DER format.