How To Import SSL Certificates To Your LoadMaster
To import an SSL certificate to the LoadMaster, navigate to Certificates & Security > SSL Certificates > Import Certificate.
The two formats officially supported by the LoadMaster are .PEM and .PFX. However, other formats can also be imported to the LoadMaster. This article covers the .PEM, .PFX. and .CER certificate formats and the variations in which they can be added to the LoadMaster.
Figure 1.1 – Importing Certificates
PFX (PKCS#12) Certificate Format
PFX or PKCS#12 format is a binary format for storing a server certificate, intermediate certificates, and the private key all in one encrypted file. PFX files can have the extensions .pfx and .p12. If the PFX format contains the private key, the key file does not have to be imported.
To import a PFX format certificate containing a private key, add the .pfx or .p12 certificate file, the pass phrase configured when creating the PFX certificate file, and the Certificate Identifier which is the name that used to identify the certificate on the LoadMaster.
Figure 1.2 – PFX Certificate File Import (PFX File Containing Private Key)
To import a PFX format certificate not containing a private key, add the .pfx or .p12 Certificate File, Key File, and the Certificate Identifier. Afterwards, click Save.
Figure 1.3 - PFX Certificate file Import (PFX File Not Containing Private Key)
PEM (X.509v3) Certificate Format
The PEM extension is used for different types of X.509v3 files which contain ASCII (Base64) armored data prefixed with a “—– BEGIN …” line. The .PEM certificate format that may include just the public certificate, or may include an entire certificate chain including public key, private key, and root certificates. If the .PEM certificate contains the private key within it, you will need to add the Certificate File, Pass Phrase, and Certificate Identifier and click Save.
Figure 1.4 – PEM Certificate File Import (PEM File Containing Private Key)
If the .PEM certificate does not contain the private key within it, you will need to add the Certificate File, Key File, and Certificate Identifier and click Save.
Figure 1.5 - PEM Certificate File Import (PEM File Not Containing Private Key)
CER (X.509) Certificate Format
CER file is used to store X.509 certificate. The file contains information about certificate owner and public and private certificate keys. A CER file can be in binary (ASN.1 DER) or encoded with Base-64 with header and footer included (PEM). Windows recognizes either of these layouts. Though the .CER certificate file contains information about the private key, it does not contain the private key file and should be included when importing the .CER certificate file to the LoadMaster. To import a .CER certificate file, add the Certificate File, the Key File, and the Certificate Identifier.
Figure 1.6 – CER Certificate File Import
Loading a Root CA Certificate as an intermediate certificate on the LoadMaster is the correct method. If this is causing issues I would recommend opening a support ticket so we can see exactly what is occurring with this test and troubleshoot the issue further.
I was looking in the interface as well as on this website. But I wasn't able to find a method to load a private CA certificate into KEMP. We publish a lot of servers internally with AD integrated Enterprise Root CA certificates. I want them to be trusted by KEMP. How can I achieve that? Already tried loading it as Intermediate certificate, but LoadMaster then fails Real Server tests.