--- title: "Use Case: Converting SSL certificates to ASE compatible format" description: This topic discusses the commands involved in converting your SSL certificates to make them compatible with API Security Enforcer's (ASE) SSL certificate format. component: pingintelligence version: 5.1 page_id: pingintelligence::pingintelligence_converting_ssl_certificates canonical_url: https://docs.pingidentity.com/pingintelligence/5.1/pingintelligence_converting_ssl_certificates.html revdate: June 5, 2024 section_ids: about-this-task: About this task steps: Steps example: Example: --- # Use Case: Converting SSL certificates to ASE compatible format This topic discusses the commands involved in converting your SSL certificates to make them compatible with API Security Enforcer's (ASE) SSL certificate format. ## About this task When PingIntelligence for APIs is deployed in sideband mode, ensure that the SSL certificates used by the gateway in `.pem` format. You can use OpenSSL for converting the certificates. To convert your SSL certificate from a `.crt` extension to a`.pem` extension: ## Steps 1. Run the following command to get ASE certificate details. ``` # openssl s_client -showcerts -connect : ``` ### Example: ``` openssl s_client -showcerts -connect 127.1.1.1:8443 ``` 2. Create a temporary certificate file `ase.crt` using the contents of the ASE certificate. | | | | - | -------------------------------------------------------------------------------------------------------------------------------------------- | | | Make sure to include the content starting from "-----BEGIN CERTIFICATE-----" to "-----END CERTIFICATE-----" in the temporary `ase.crt` file. | 3. Run the following command to convert the `ase.crt` certificate into a `.pem` file. ``` # openssl x509 -in ase.crt -out ase.pem ```