Importing an existing certificate and key pair
About this task
To install an existing certificate, complete the following steps and import the certificate into ASE. If you have intermediate certificate from a CA, then append the content to your server .crt file.
Steps
-
Create the key from the existing
.pemfile:openssl rsa -in private.pem -out private.key
-
Convert the existing
.pemfile to a.crtfile:openssl x509 -in server-cert.pem -out server-cert.crt
-
Import the key pair from step 2:
/opt/pingidentity/ase/bin/cli.sh import_key_pair private.key -u admin -p Warning: import_key_pair will overwrite any existing certificates Do you want to proceed [y/n]:y Exporting key to API Security Enforcer... OK, key pair added to keystore
-
Import the
.crtfile in ASE using theimport_certCLI command:/opt/pingidentity/ase/bin/cli.sh import_cert server-crt.crt -u admin -p Warning: import_cert will overwrite any existing signed certificate Do you want to proceed [y/n]:y Exporting certificate to API Security Enforcer... OK, signed certificate added to keystore
-
Restart ASE by stopping and starting.