nativeInstallercodedx

Use a PFX certificate and private key

Before running the commands shown on this page, you should load the Bitnami stack environment by executing the installdir/use_APPNAME script (Linux and MacOS) or by clicking the shortcut in the Start Menu under “Start -> Bitnami APPNAME Stack -> Application console” (Windows). On OS X VMs, the installation directory is /opt/bitnami and OS X VM users can click the “Open Terminal” button to run commands. Learn more about the Bitnami stack environment and about OS X VMs.

The Code Dx installer can accept CRT, CER and KEY files for SSL configuration. You can generate these from the PFX file with the OpenSSL binary.

Follow the steps below for your platform.

Linux and Mac OS X

NOTE: OpenSSL will typically already be installed on Linux and Mac OS X. If not installed, install it manually using your operating system’s package manager.

Follow the steps below:

  • Execute the following commands to generate the required files from your PFX file:

    $ openssl pkcs12 -in domain.pfx -clcerts -nokeys -out domain.cer
    $ openssl pkcs12 -in domain.pfx -nocerts -nodes  -out domain.key
    $ openssl pkcs12 -in domain.pfx -nodes -nokeys -cacerts -out domain-ca.crt
    

    You will be prompted for a password as you execute each command. This is the password that was configured when the PFX file was first generated.

  • View the generated private key to see if it is encrypted. If the first line of the private key file contains the text BEGIN ENCRYPTED PRIVATE KEY, it is encrypted and you must decrypt it before proceeding. Execute the following command to decrypt the private key:

    $ openssl rsa -in domain.key -out domain-rsa.key
    

    Verify that the first line of the key now contains the text BEGIN RSA PRIVATE KEY, which indicates that it is no longer encrypted.

Once the necessary files are generated, select them in the “Configure SSL Settings” page of the installer and proceed with the installation in the usual manner.

Windows

NOTE: OpenSSL is not typically installed on Windows. Before following the steps below, download and install a binary distribution of OpenSSL.

Follow the steps below once OpenSSL is installed:

  • Set the OPENSSL_CONF environment variable to the location of your OpenSSL configuration file. Typically, this file is located in the bin/ subdirectory of your OpenSSL installation directory. Replace the OPENSSL-DIRECTORY placeholder in the command below with the correct location.

    $ set OPENSSL_CONF=C:\OPENSSL-DIRECTORY\bin\openssl.cfg
    
  • Change to the bin/ sub-directory of the OpenSSL installation directory. Replace the OPENSSL-DIRECTORY placeholder in the command below with the correct location.

    $ cd C:\OPENSSL-DIRECTORY\bin
    
  • Execute the following commands to generate the required files from your PFX file:

    $ openssl pkcs12 -in domain.pfx -clcerts -nokeys -out domain.cer
    $ openssl pkcs12 -in domain.pfx -nocerts -nodes  -out domain.key
    $ openssl pkcs12 -in domain.pfx -nodes -nokeys -cacerts -out domain-ca.crt
    

    You will be prompted for a password as you execute each command. This is the password that was configured when the PFX file was first generated.

  • View the generated private key to see if it is encrypted. If the first line of the private key file contains the text BEGIN ENCRYPTED PRIVATE KEY, it is encrypted and you must decrypt it before proceeding. Execute the following command to decrypt the private key:

    $ openssl rsa -in domain.key -out domain-rsa.key
    

    Verify that the first line of the key now contains the text BEGIN RSA PRIVATE KEY, which indicates that it is no longer encrypted.

Once the necessary files are generated, select them in the “Configure SSL Settings” page of the installer and proceed with the installation in the usual manner.

Last modification September 3, 2018