How to convert SSL certificate format using OpenSSL(For Omada SDN Controller)

The most common SSL certificates are defined by X.509. The digital certificates have different formats. Here’s a brief overview of several common formats of SSL certificates:

PEM: private key or certificate

CER: only certificate

DER: only certificate

CRT: only certificate

PFX: private key and certificate

P12: private key and certificate

JKS: private key and certificate

KEY: public key or private key

Omada Controller v5.0.30 or below supports SSL certificate in PFX and JKS format, which contains private key and certificate in one file. If the SSL certificate providers provides us with certificates in other formats, we can use OpenSSL(https://www.openssl.org/) to convert private key and certificate to PEM format at first, and then convert PEM certificate to PFX certificate.

Omada Controller v5.1 already supports PEM certificate, so we don’t need to convert PEM certificate to PFX/JKS certificate.

Following are the commands to convert certificate and private key to PFX format in OpenSSL.

1. Convert certificate and private key in PEM format to PFX format.

Openssl pkcs12 -export -out certificate.pfx -inkey privkey.pem -in cert.pem

Note: Export Password is the “Keystore Password” in Omada Controller.

privkey.pem is the private key in PEM format.

cert.pem is the certificate in PEM format.

certificate.pfx is the SSL certificate in PFX format.

2. Convert certificate in CRT, DER or CER format to PEM format.

openssl x509 -in cert.crt -out cert.pem -outform PEM

cert.crt is the certificate in CRT format. We also can replace it with certificate in DER or CER format.

cert.pem is the certificate in PEM format.

3. Convert private key in KEY format to PEM format.

openssl rsa -in private.key -out private.pem -outform PEM

Note: pass phrase is the password of private key.

private.key is the private key in KEY format.

Private.pem is the private key in PEM format.