Skip to main content
Delphix

Extracting PEM Certificates from a .p7b Bundle File (KBA1859)

  1. Last updated
  2. Save as PDF
 

 

KBA

KBA#1859

Troubleshooting How to Extract PEM Certificates

The Delphix engine requires certificates to be in the X.509 standard, and JKS or PKCS#12 file formats are supported. It must contain a list of the entire trust chain from the newly generated end-entity certificate to the root CA.  If a JKS or PKCS#12 file format is not available then the certificate can be copied to the engine in a Base 64/PEM format. They can be just pasted back to back in the 'Paste PEM file contents' text box as long as they are separated by the BEGIN CERTIFICATE and END CERTIFICATE certificate tags.  The order that the PEM certificates are added to the list does not matter. Please see screenshot example below:

clipboard_e0bec3b0ed15eeff41577f82255359bd7.png

Often a .p7b certificate bundle will be supplied, rather than certificates that are broken out with root and intermediate certificates. The .p7b file cannot be directly uploaded to the engine. The easiest way to deal with this is to break out the .p7b into the individual certificates. This KB will outline how to break out the root and intermediate certificates on Windows and Linux/MAC. 

Resolution 

On Mac and Linux 

OpenSSL can be used:

Starting with the p7b file:

MacBook-Pro:certs adamsmith$ cat certnew.p7b

----BEGIN CERTIFICATE-----
MIID3wYJKoZIhvcNAQcCoIID0DCCA8wCAQExADALBgkqhkiG9w0BBwGgggO0MIIB
ODCB36ADAgECAgEBMAkGByqGSM49BAEwHjEcMAkGA1UEBhMCUlUwDwYDVQQDHggA
VABlAHMAdDAeFw0xMzAxMDEwMDAwMDBaFw0xNjAxMDEwMDAwMDBaMB4xHDAJBgNV
BAYTAlJVMA8GA1UEAx4IAFQAZQBzAHQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC
AASSM8+5oy6YmNlDzGQp///RagVip9ps075ucOJtWSFqWI4/evK4At1mt51YCNhI
PWJA9tOvA/akJH5pJpgg6DiYow8wDTALBgNVHQ8EBAMCAAIwCQYHKoZIzj0EAQNJ
ADBGAiEAlqf708TMBMGQX8mJ6lTe7/h9kzL5J2sbr2WT9FtEQT4CIQDQfwzUOEPJ
Z+ESbR1tUiW9DpI/IG7AgW6wrpivgR3/WjCCATgwgd+gAwIBAgIBATAJBgcqhkjO
PQQBMB4xHDAJBgNVBAYTAlJVMA8GA1UEAx4IAFQAZQBzAHQwHhcNMTMwMTAxMDAw
MDAwWhcNMTYwMTAxMDAwMDAwWjAeMRwwCQYDVQQGEwJSVTAPBgNVBAMeCABUAGUA
cwB0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEkjPPuaMumJjZQ8xkKf//0WoF
YqfabNO+bnDibVkhaliOP3ryuALdZredWAjYSD1iQPbTrwP2pCR+aSaYIOg4mKMP
MA0wCwYDVR0PBAQDAgACMAkGByqGSM49BAEDSQAwRgIhAJan+9PEzATBkF/JiepU
3u/4fZMy+SdrG69lk/RbREE+AiEA0H8M1DhDyWfhEm0dbVIlvQ6SPyBuwIFusK6Y
r4Ed/1owggE4MIHfoAMCAQICAQEwCQYHKoZIzj0EATAeMRwwCQYDVQQGEwJSVTAP
BgNVBAMeCABUAGUAcwB0MB4XDTEzMDEwMTAwMDAwMFoXDTE2MDEwMTAwMDAwMFow
HjEcMAkGA1UEBhMCUlUwDwYDVQQDHggAVABlAHMAdDBZMBMGByqGSM49AgEGCCqG
SM49AwEHA0IABJIzz7mjLpiY2UPMZCn//9FqBWKn2mzTvm5w4m1ZIWpYjj968rgC
3Wa3nVgI2Eg9YkD2068D9qQkfmkmmCDoOJijDzANMAsGA1UdDwQEAwIAAjAJBgcq
hkjOPQQBA0kAMEYCIQCWp/vTxMwEwZBfyYnqVN7v+H2TMvknaxuvZZP0W0RBPgIh
ANB/DNQ4Q8ln4RJtHW1SJb0Okj8gbsCBbrCumK+BHf9aMQA=
-----END CERTIFICATE-----
 

Run the following command OpenSSL command, this will create a new file with each individual certificate:

openssl pkcs7 -inform PEM -outform PEM -in certnew.p7b -print_certs > certificate.cer

Catting the new file shows each of the certificates in order:

MacBook-Pro:certs adamsmith$ cat certificate.cer

-----BEGIN CERTIFICATE-----
MIIBODCB36ADAgECAgEBMAkGByqGSM49BAEwHjEcMAkGA1UEBhMCUlUwDwYDVQQD
HggAVABlAHMAdDAeFw0xMzAxMDEwMDAwMDBaFw0xNjAxMDEwMDAwMDBaMB4xHDAJ
BgNVBAYTAlJVMA8GA1UEAx4IAFQAZQBzAHQwWTATBgcqhkjOPQIBBggqhkjOPQMB
BwNCAASSM8+5oy6YmNlDzGQp///RagVip9ps075ucOJtWSFqWI4/evK4At1mt51Y
CNhIPWJA9tOvA/akJH5pJpgg6DiYow8wDTALBgNVHQ8EBAMCAAIwCQYHKoZIzj0E
AQNJADBGAiEAlqf708TMBMGQX8mJ6lTe7/h9kzL5J2sbr2WT9FtEQT4CIQDQfwzU
OEPJZ+ESbR1tUiW9DpI/IG7AgW6wrpivgR3/Wg==
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
HggAVABlAHMCNhIPWJA9tOvA/akJH5pJpgg6DiYow8wDTALBgNVHQ8EBAMCAAIwC
QYHKoZIzj0EAQNJADBGAiEAlqf708TMBMGQX8mJ6lTe7/h9kzL5J2sbr2WT9FtEQ
T4CIQDQfwzUOEPJZ+ESbR1tUiW9DpI/IG7AgW6wrpivgR3/Wg==AdDAeFw0xMzAx
MDEwMDAwMDBaFw0xNjAxMDEwMDAwMDBaMB4xHDAJBgNVBAYTAlJVMA8GA1UEAx4I
AFQAZQBzAHQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASSM8+5oy6YmNlDzGQp
MIIBODCB36ADAgECAgEBMAkGByqGSM49BAEwHjEcMAkGA1UEBhMCUlUwDwYDVQQD
///RagVip9ps075ucOJtWSFqWI4/evK4At1mt51Y

-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
gNVBAYTAlJVMA8GA1UEAx4IAFQAZQBzAHQwWTATBgcqhkjOPQIBBggqhkjOPQMBf
MIIBODCB36ADAgECAgEBMAkGByqGSM49BAEwHjEcMAkGA1UEBhMCUlUwDwYDVQQD
HggAVABlAHMAdDAeFw0xMzAxMDEwMDAwMDBaFw0xNjAxMDEwMDAwMDBaMB4xHDAJ
BgNVBAYTAlJVMA8GA1UEAx4IAFQAZQBzAHQwWTATBgcqhkjOPQIBBggqhkjOPQMB
BwNCAASSM8+5oy6YmNlDzGQp///RagVip9ps075ucOJtWSFqWI4/evK4At1mt51Y
CNhIPWJA9tOvA/akJH5pJpgg6DiYow8wDTALBgNVHQ8EBAMCAAIwCQYHKoZIzj0E
lTe7/h9kzL5J2sbr2WT9FtEQT4CIQDQfwzUOEPJZ+ESbR1tUiW9DpI/IG7AgW6wr
pivgR3/Wg==AQNJADBGAiEAlqf708TMBMGQX8mJ6
-----END CERTIFICATE-----

This can now be copied directly into the engine.

On Windows 

Start with the file:

clipboard_ebc93ffad4c964d80b731c770a5924caf.png

Open it to view the contents:

clipboard_e004426cdfa43655984907787f0d87199.png

Double click the first certificate and select the details tab then press Copy To File:

clipboard_e7ec7769baebc66f1d7cb473f9464a9d0.png

This will open the Certificate Export Wizard, Select to export as Base-64 encoded:

clipboard_e441be786f732af06b82e47bc5371d8bf.png

Select an export location:

clipboard_e630b232a578087eec95e3fad7ccefae0.png

Press finish:

clipboard_e3e8ba0b708b832ff2abe3ac829080581.png

The certificate is now exported.

clipboard_ee65c9aa262845ba69b1d3b7b674179ba.png

This process will need to be run for each Certificate inside the p7b bundle. In the example above this would be two more times.

Once they are all exported the Certificates can be then uploaded to the Delphix engine.

 

Privacy Policy Terms of Use Legal About
© 2024 Delphix Corp