Import certificate to NSX Edge

Normally when I get a certificate from a customer I often get it in PFX format, but NSX Edge wants it in PEM format. What often is confusing here is that the when converting the PFX the private key gets out in the PKCS8 format but Edge wants the private key in PKCS1 format.

Here is a write-up of the conversion. You will need OpenSSL on the machine that you work on windows, UNIX or macros doesn’t matter.

First, we will need to spit the PFX into .crt and .key with these two commands

Now we need to convert the private.key from PKCS8 to PKCS1 format with this command

Now you can go to your NSX Edge and import the certificate with .crt and pricate_pkcs1.key files

Later on, I have found that I need to import the certificate with the intermediate certificate of the signing 3. party. In my case its GoDaddy.
To do this we convert the certificates to .PEM and afterward.

Then we can convert the cert to pem and put the two certificates in the same file.

Now you can paste this into the load balancer. There must be an easier way to do it, if you find one then please ping me.

Edit: Found a couple of other OpenSSL commands that I from time to time struggle to find.

Was this post helpful?

Jesper Ramsgaard

Leave a Reply

Your email address will not be published. Required fields are marked *