SSL Certificate (.pfx) import

Question

Hi All, 
As client SSL cert is expired, I have received a new cert from customer with .pfx extension. While trying to import that via
System -&gt; File Management -&gt; SSL Certificate List -&gt; Import -&gt; PKCS 12
I have been prompted to enter a password. Is it a random password I can choose or I need to ask our customer to provide me that password. The customer actually generated the CSR and get that signed by CA.

youssef1 · Answer

Hi,
when your client to generate the PFX he had to protect the PFX with a password (it's a best practice), especially since the PFX contain your private key. So you don't have to enter a random password but you have to asked to your customer the password that he configured/entered during PFX generation. More You may also be asked for the private key password if there is one!
Just for information, when you create a pfx using openssl for example you use this kind of command (create the pkcs12 file that will contain your private key and the certification chain):
openssl pkcs12 -export -inkey your_private_key.key  -in result.pem -name my_name -out final_result.pfx
You will be asked to define an encryption password for the archive (it is mandatory to be able to import the file in IIS for example). 
Regards,

Forum Discussion

SSL Certificate (.pfx) import

1 Reply

Recent Discussions

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Stable Firmware for F5

Related Content

Import certificate as pfx format

Creating, Importing and Assigning a CA Certificate Bundle

.pfx certificates monitoring

Automating ACMEv2 Certificate Management on BIG-IP

Re: Management Certificate