Uly.me

cloud engineer

pem

SSL PEM Expiration

by

Find out when SSL expires from a PEM file.

$ openssl x509 -enddate -noout -in your.cert
notAfter=Jan  5 07:08:14 2032 GMT

notAfter date is returned.

Convert PPK to PEM

by

Convert PPK to PEM format.

  1. Open Puttygen.
  2. Click Load in the Actions section.
  3. Select the PPK file you wish to convert.
  4. Go to the Conversions menu and select Export OpenSSH key.
  5. Click Yes to convert key without a password.
  6. Name your private key and save it with a .pem extension.
  7. Click Save.

Your pem file should begin with “—–BEGIN RSA PRIVATE KEY—–” and ends with “—–END RSA PRIVATE KEY—–.”

You can also use puttygen in Linux. Install it first.

$ sudo apt-get install putty-tools

Convert your key.

$ puttygen yourkey.ppk -O private-openssh -o yourkey.pem

SSH to your server.

$ chmod 400 yourkey.pem
$ ssh -i yourkey.pem ec2-user@server-ip

SCP with a Key

by

SCP is a secure copy utility in Linux. You’ll need access to your system. In this example, a pem key is used to authenticate to a host. SCP copies filename.ext to the home directory of ec2-user. It’s important to add the target directory, otherwise it will not work.

Here’s how to use SCP with a key from local to server.

scp -i key.pem filename.ext user@server:/home/user

From server to local. Run the command from local machine.

scp user@server:/home/user/file.txt /local/directory

PFX to PEM

by

Here’s how to convert SSL certificate from PFX to PEM format. 

#!/bin/bash
 
echo "This script converts SSL certificates from PFX to PEM."
read -p 'Enter PFX Certificate Name  : ' cert_pfx
read -p 'Enter the Import Passphrase : ' import_passphrase
 
openssl pkcs12 -in $cert_pfx -nocerts -out cert-key.pem -passin pass:$import_passphrase -passout pass:$import_passphrase
openssl pkcs12 -in $cert_pfx -clcerts -nokeys -out cert-body.pem -passin pass:$import_passphrase -passout pass:$import_passphrase
openssl pkcs12 -in $cert_pfx -nodes -nokeys -out cert-chain.pem -passin pass:$import_passphrase -passout pass:$import_passphrase
sleep 3
openssl rsa -in key.pem -out cert-private.key -passin pass:$import_passphrase -passout pass:$import_passphrase

This was covered in an earlier post, but this script prompts you for the passphrase.

Here’s the expected output.

  • cert-key.pem
  • cert-body.pem
  • cert-chain.pem
  • cert-private.key

Convert PFX to PEM format

by

SSL certificates comes in multiple formats. Some providers will hand you over certificates in PFX format which comes in a single file. If you need to import it to AWS Certificate Manager, you will need to convert it from PFX to PEM format. The following set of commands uses OpenSSL and pkcs12 to convert a SSL certificate from PFX to PEM format.

openssl pkcs12 -in cert.pfx -nocerts -out key.pem
openssl rsa -in key.pem -out server.key
openssl pkcs12 -in cert.pfx -clcerts -nokeys -out cert.pem
openssl pkcs12 -in cert.pfx -nodes -nokeys -out chain.pem

It result in 3 files.

  • server.key is the private key
  • cert.pem is the certificate
  • cert.pem and chain.pem are the full chain.

Once you have them, you can the proceed to import it to ACM.

SSL Certificate Import

SSL Certificates Explained

by

If you’re confused about the different formats and files that the Certificate Manager will accept in AWS, this site explains it fairly well. The Certificate Manager contains 3 fields during the import process. Certificate body, Certificate private key, and Certificate chain.

  • Server certificate > Intermediate certificate > Root certificate
  • Private RSA Key
  • Chain consists of Root and Intermediate