PingIntelligence

Use Case: Converting SSL certificates to ASE compatible format

This topic discusses the commands involved in converting your SSL certificates to make them compatible with API Security Enforcer’s (ASE) SSL certificate format.

About this task

When PingIntelligence for APIs is deployed in sideband mode, ensure that the SSL certificates used by the gateway in .pem format. You can use OpenSSL for converting the certificates.

To convert your SSL certificate from a .crt extension to a.pem extension:

Steps

  1. Run the following command to get ASE certificate details.

    # openssl s_client -showcerts -connect  <ASE-IP>:<SSL-PORT>

    Example:

    openssl s_client -showcerts -connect 127.1.1.1:8443
  2. Create a temporary certificate file ase.crt using the contents of the ASE certificate.

    Make sure to include the content starting from "-----BEGIN CERTIFICATE-----" to "-----END CERTIFICATE-----" in the temporary ase.crt file.

  3. Run the following command to convert the ase.crt certificate into a .pem file.

    # openssl x509 -in ase.crt -out ase.pem