OpenSSL cannot convert PKCS12 exported from Cisco ASA 55xx

ssl-certificate openssl cisco-asa

Solution 1:

This is strange. I have the same problem and found this question to have no answer. I then did more searching and found a yaleman.org post that says they found the answer and linked to this very question. Yet there was no answer here. Retroactively fixing that, full props to yaleman.

Long and short: You need to convert the pfx from Base64 to openssl's binary format.

$ openssl enc -base64 -d -in certfile.pfx -out converted.pfx

Then you can convert it to a PEM and get the key or cert separately.

$ openssl pkcs12 -in converted.pfx -out bundle.pem -clcerts -nodes

Solution 2:

If you have trouble with the decode, check your file and delete any blank lines in it. Our ASA was saving them with leading blanks and openssl doesn't like that.

Related

DNS errors after changing nameservers for Cloudflare
FastCGI cache is always a MISS
Disable authentication for HTTP OPTIONS method (preflight request) in Nginx
How would a PCAP filter look like to capture all DHCP related traffic?
Get-AzureRmResourceGroup not returning resources from current subscription
Copy folder and its subfolders from puppet master to agent
how can I mount a windows share with rw access?
How to refer to an existing uid and gid in Ansible?
Unix / Linux command to see finished or killed processes
How to improve AWS RDS Performance - Heavy read write updates
OpenSSL - Add Subject Alternate Name (SAN) when signing with CA
Getting Too many Open files error for Postgres