Tag Archive: openssl

To request a certificate for Mac and Linux:
– SCEP: Mac compatible. Linux: problem: SCEP client?
– request a certificate from Linux or Mac using openssl


1) prepare the certificate request:


2) submit the certificate request to https://serverweb.mydomain.local/certsrv, or use the Windows certutil command from a jump server (manual or automatic approval, depending on the Windows certificate template settings)

3) install the certificate issued with the full key chain (format .p7b) on Linux (Ubuntu):



To view the certificate chain:

openssl pkcs7 -in certnew.p7b -print_certs

To extract the .cer from the certificate chain:

openssl pkcs7 -print_certs -in certnew.p7b -out cert.cer

To convert a .cer into a .pfx:

openssl pkcs12 -export -out cert.pfx -inkey privatekey.key -in cert.cer -certfile cert.crt

Copy the .crt under /usr/share/ca-certificates:

sudo cp cert.crt /usr/share/ca-certificates/cert.crt

Update the certificate store (requires a .crt file, otherwise it is not picked up):

update-ca-certificates is a program that updates the directory /etc/ssl/certs to hold SSL certificates and generates ca-certificates.crt, a concatenated single-file list of certificates. It reads the file /etc/ca-certificates.conf. Each line gives a pathname of a CA certificate under /usr/share/ca-certificates that should be trusted. Lines that begin with “#” are comment lines and thus ignored. Lines that begin with “!” are deselected, causing the deactivation of the CA certificate in question. Furthermore, all certificates found below /usr/local/share/ca-certificates are also included as implicitly trusted.

sudo update-ca-certificates
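
An offline dry run of steps 1 to 3, as an added example that is not part of the original post: `-print_certs` writes every certificate in the .p7b and their order is not guaranteed, so the script picks the client certificate by matching it to privatekey.key, treats the rest as the CA chain, and verifies the chain. The CSR command (the page leaves step 1 blank), the throwaway CA standing in for the Windows CA, the subject names and the files ca.cnf, request.csr and leaf.pem are constructed assumptions.

```shell
#!/bin/sh
# Added example. File names follow the page; the throwaway CA, subject names
# and the CSR command (step 1) are constructed assumptions.

# True only if certificate $1 carries the public key of private key $2.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Build constructed inputs in directory $1: key, CSR, and a certnew.p7b
# signed by a stand-in for the Windows CA.
make_sample() (
    cd "$1" || exit 1
    printf '%s\n' '[req]' 'prompt = no' 'distinguished_name = dn' \
        'x509_extensions = ca_ext' '[dn]' 'CN = Constructed Test CA' \
        '[ca_ext]' 'basicConstraints = critical,CA:TRUE' > ca.cnf
    openssl req -new -config ca.cnf -newkey rsa:2048 -nodes \
        -subj '/CN=client01.mydomain.local' \
        -keyout privatekey.key -out request.csr 2>/dev/null || exit 1
    openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes -days 1 \
        -keyout ca.key -out ca.crt 2>/dev/null || exit 1
    openssl x509 -req -in request.csr -CA ca.crt -CAkey ca.key \
        -CAcreateserial -days 1 -out leaf.pem 2>/dev/null || exit 1
    openssl crl2pkcs7 -nocrl -certfile leaf.pem -certfile ca.crt \
        -out certnew.p7b
)

# Split certnew.p7b in directory $1 into cert.cer (the certificate matching
# privatekey.key) and cert.crt (the CA chain), then verify the chain.
# The order of certificates inside a .p7b is not guaranteed, so the client
# certificate is picked by key match, not by position.
split_p7b() (
    cd "$1" || exit 1
    rm -f cert.cer cert.crt part-*.pem
    openssl pkcs7 -print_certs -in certnew.p7b | awk '
        /-----BEGIN CERTIFICATE-----/ { n++; on = 1 }
        on { print > ("part-" n ".pem") }
        /-----END CERTIFICATE-----/ { on = 0 }'
    for f in part-*.pem; do
        if cert_matches_key "$f" privatekey.key; then
            cat "$f" > cert.cer
        else
            cat "$f" >> cert.crt
        fi
    done
    [ -s cert.cer ] && [ -s cert.crt ] &&
        openssl verify -CAfile cert.crt cert.cer >/dev/null 2>&1
)
```

Only cert.crt (the CA certificates) belongs under /usr/share/ca-certificates; cert.cer and privatekey.key are the inputs to the .pfx command above.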


For Mac: http://apple.stackexchange.com/questions/80623/import-certificates-into-system-keychain-via-the-command-line

Other resources:





Additionally: transforming .cer to .pem or vice-versa: https://www.sslshopper.com/ssl-converter.html

CentOS authentication with AD but no Kerberos (certificate only): http://htfdidt.blogspot.fr/2014/06/centos-6-with-active-directory.html





How to create and deploy a client certificate for Mac: http://blogs.technet.com/b/configmgrteam/archive/2013/04/05/how-to-create-and-deploy-a-client-cert-for-mac-independently-from-configmgr.aspx


Using openssl to convert a certificate from one format to another: https://support.ssl.com/Knowledgebase/Article/View/19/0/der-vs-crt-vs-cer-vs-pem-certificates-and-how-to-convert-them

Exporting a private key: https://technet.microsoft.com/en-us/library/cc754329.aspx