Posts

How to convert a certificate PFX file to CRT/KEY using openssl

Your PFX certificate file is protected with a password. It can be converted to CRT and KEY files using OpenSSL:

openssl pkcs12 -in certfile.pfx -nocerts -out keyfile-encrypted.key

When you enter this command you will be asked to type in the PFX file password in order to extract the key. You will then be asked to enter a passphrase for the encrypted key. The key will be stored in keyfile-encrypted.key.

The exported key file is encrypted, but you might need it in unencrypted format. To decrypt the key, do:

openssl rsa -in keyfile-encrypted.key -out keyfile.key

You will be asked for the passphrase that you entered in the previous step. The unencrypted key will be stored in keyfile.key. Anyone who can read this file can use the key, so restrict its file permissions.

Then it is time to extract the certificate:

openssl pkcs12 -in certfile.pfx -clcerts -nokeys -out certfile.crt

Again, you will need to enter the PFX file password in order to extract the certificate. The certificate will be stored in certfile.crt.
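The three steps above as a non-interactive script, followed by a check that the extracted key and certificate carry the same public key. This is an added example, not part of the original post; the environment variable names PFX_PASS and KEY_PASS and the throwaway self-signed PFX it builds are assumptions made for the demonstration.

```sh
#!/bin/sh
# Added example, not from the original post. PFX_PASS and KEY_PASS are
# environment variable names assumed here; all sample data is constructed.
set -eu

# Run the three extraction steps on PFX file $1, writing into directory $2.
# Passwords come from the environment so they do not show up in `ps` output.
extract_pfx() {
    (
        umask 077  # key files are created readable by their owner only
        openssl pkcs12 -in "$1" -nocerts -passin env:PFX_PASS \
            -passout env:KEY_PASS -out "$2/keyfile-encrypted.key" &&
        openssl rsa -in "$2/keyfile-encrypted.key" -passin env:KEY_PASS \
            -out "$2/keyfile.key"
    ) &&
    openssl pkcs12 -in "$1" -clcerts -nokeys -passin env:PFX_PASS \
        -out "$2/certfile.crt"
}

# Return 0 if private key $1 and certificate $2 carry the same public key,
# 1 if they differ, 2 if either file cannot be parsed.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Build a throwaway self-signed PFX (constructed test data), extract it,
# and print the working directory.
demo() {
    d=$(mktemp -d) &&
    export PFX_PASS=constructed-pfx-pass KEY_PASS=constructed-key-pass &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
        -keyout "$d/orig.key" -out "$d/orig.crt" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$d/orig.key" -in "$d/orig.crt" \
        -passout env:PFX_PASS -out "$d/certfile.pfx" &&
    extract_pfx "$d/certfile.pfx" "$d" 2>/dev/null &&
    echo "$d"
}

work=$(demo)
if key_matches_cert "$work/keyfile.key" "$work/certfile.crt"; then
    echo "keyfile.key matches certfile.crt"
else
    echo "MISMATCH: do not deploy this pair" >&2
fi
rm -rf "$work"
```

Running the match check before installing the pair on a server catches the case where a PFX holds more than one key or the wrong certificate was exported.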

Microsoft Office 365 SSL certificate error in Outlook [solved]

Clients moving over to Office 365 who had purchased a valid SSL certificate for their mail server still got SSL certificate errors in Outlook and mobile clients. This was despite the mail service being equipped with a valid SSL certificate (not self-signed, but issued by a real CA).

It turns out that Outlook seems to probe the HTTPS root domain (i.e. the customer’s web site) for auto-configuration before trying autodiscover.customerdomain.com. If there is no valid SSL certificate installed on the customer’s web site, an error is displayed. This was verified by examining the customer’s web site logs, where we could see repeated requests for /autodiscover/autodiscover.xml.

If only Outlook had just ignored the SSL error and continued to the next method…

A simple solution was to add a valid SSL certificate to the customer’s web site, and the problem was solved. That way Outlook didn’t get an SSL certificate error when trying to retrieve the non-existent auto-configuration information from the customer’s web site.