Thank You!!!! With this command I was able to get exactly what I needed. -----Original Message----- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of James JJ Hooper Sent: Tuesday, December 11, 2012 6:13 PM To: [email protected] Subject: Re: [WIRELESS-LAN] PEAP cert signed by 3rd party CA
On 11 December 2012 22:19, Hurt,Trenton W. <[email protected]> wrote: > No I’m actually using Idengines. I have exported including the key, > and now have a .pfx file. I need a .pem and private key file from the > pfx file. I have tried a few different openssl commands on the pfx > file, but have yet to get the right combo for the server. > IIRC+AFAIK IdEngines uses freeradius underneath. If that's true you can do: openssl pkcs12 -in yourcert.pfx -out cert-with-key.pem –nodes to get your key and certificate in PEM format in one file. Then split cert-with-key.pem in to two files [e.g. duplicate the file and delete the bit you don't want from each with a text editor] - one file then has just your private key in it, one then has just your server-cert in it. Then add the root ca cert and any chaining certs to your server cert *in order* (server-cert first [top of file], then any chaining [in order], then root [bottom of file]) e.g. cat my-server.pem chain1.pem chain2.pem root.pem > combined.pem The combined.pem and your-key.pem should be the two files you need. Kind regards, James -- James J J Hooper Senior Network Specialist, University of Bristol http://www.wireless.bristol.ac.uk -- ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
