Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

  1. Kemp Support
  2. Knowledge Base
  3. Security

How To Import SSL Intermediate Certificates To Your LoadMaster

Updated

The intermediate certificate(s) formats that are officially supported by the LoadMaster are .PEM .CER and .CRT. This article covers the steps to apply and upload intermediate certificate(s) and how to resolve any invalid certificate formats.

To import an Intermediate certificate to the LoadMaster, follow these steps:

  1. In the main menu, select Certificates & Security > Intermediate Certs.
  2. Click Choose File to select and upload the intermediate certificate(s).
  3. Type a Certificate Name and click Add Certificate.

The intermediate certificate(s) have now been uploaded the LoadMaster.

Invalid Certificate Formats

If you follow the steps to upload an intermediate certificate to the LoadMaster and receive a Certificate Format Invalid error, it means that the certificate file that you are trying to upload is unsupported or an invalid format.

CER file is used to store X.509 certificate. A CER file can only encoded and exported in Base-64 format in-order to upload to the LoadMaster. A CER file exported in a DER Binary format is not supported on the LoadMaster and the LoadMaster is unable to upload this format.

To convert a CER file into a PEM format can be converted using a SSL Converter Tool https://www.sslshopper.com/ssl-converter.html.

Steps to convert a certificate using SSL Converter Tool:-

  1. Go to the select Link https://www.sslshopper.com/ssl-converter.html.
  2. Under Certificate Conversion Options > Select the Certificate File.
  3. Select the corresponding format type of the selected Certificate file.
  4. Under Type to Convert > Select Standard PEM for the Type of certificate to convert to.
  5. Select Convert Certificate.
  6. This file format can be uploaded and applied to the LoadMaster. 
Was this article helpful?
0 out of 1 found this helpful

Comments

Avatar

Ingo Schmitt

I've uploaded a new intermediate certificate to the loadbalancer but it's not used. How can I enforce the usage?

0
Avatar

Nick Smylie

Hi,

Intermediate certificates do not get assigned nor need to, it happens automatically.. It should be getting chained correctly.

Did you do a cert chain test on SSL labs? If it is not getting chained I would assume the intermediate cert is wrong.

In the past I have had success with downloading the intermediate through the browser. Please see the article below for more info.

https://support.kemptechnologies.com/hc/en-us/articles/115002427603-How-to-Download-an-Intermediate-Cert-From-Browser

0
Avatar

Ingo Schmitt

The intermediate is fine, we just need to replace ist since the old chain is no more valid (https://support.sectigo.com/articles/Knowledge/Sectigo-AddTrust-External-CA-Root-Expiring-May-30-2020)
The same file woks on apache without any problem.

0
Avatar

Nick Smylie

Hello,

Intermediate certificates should not need to be replaced if you are using the same CA as far as I know. Again no further action is needed nor can be done on the LM once the intermediate is installed.

I would think either the intermediate is wrong or the chain is not valid. I will open up ticket so our support team can investigate further with you.

0
Avatar

Ingo Schmitt

Thank you. After deleting all intermediate certificates and reinstalling all of them it works. It seams that some intermediates where used by multiple certificates.

0
In this document