Certificate Format For AI Center

What is the right format for domain certificate in AI Center?

The SSL certificate format needs to be in PEM format with public key(.pem/.crt/.cer)and a private key file(.key/.pem)

Most of the times, the certificates shared would be containing the root as well as intermediate certificates and would be in PKCS#12 format (with .pfx extension) containing the private key as well.

To extract the pem certificate file and a separate private key file, follow the steps below:

  1. Take the file exported (e.g. certname.pfx) and copy it to a system where you have OpenSSL installed
  2. Run the following command to export the private key

openssl pkcs12 -in certname.pfx -nocerts -out key.pem -nodes

  1. Run the following command to export the certificate

openssl pkcs12 -in certname.pfx -nokeys -out cert.pem

  1. Run the following command to remove the passphrase from the private key. This would ask for passphrase which is required to be entered. Only required in case private key is protected with passphrase

openssl rsa -in key.pem -out server.key

  1. Incase root, intermediate and leaf certificates are present in separate certificate files, combine them as below:

cat leafcert.pem intermediate.pem rootcert.pem > combined_cert.pem

Note: In case of any issue in running above commands then reach out to internal IT team and they should be able to generate certificates easily.

To verify the format, open both certificates(public and private key) in notepad and ensure those must be in below format:

-----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY----- a private key in PEM format.

-----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- a certificate file/public key in PEM format

There must not be any extra attribute in the certificate files.

1 Like