To secure the BridgeService, Windows requires a single certificate file with the .pfx extension. To prepare this file you
need the .pem file you just created and the third-party conversion tool: OpenSSL.
Prerequisites: You have administrator privileges. You are working on the PC that houses your Supervisor station.
- Download the OpenSSL tool from the Internet and install it in the folder that contains the .pem file.
OpenSSL is a Windows command prompt utility. You can download it from:
https://www.ssl.com/how-to/create-a-pfx-p12-certificate-file-using-openssl/
- Open a Windows cmd prompt and change directories to the folder that contains the .pem file.
- Run this command:
openssl pkcs12 -export -out certxprotect.pfx -in certxprotect.pem
where certxprotect is the base name of both the output .pfx file and the input .pem file.
OpenSSL prompts: Enter pass phrase for certxprotect.pem:
- Enter the password you created for the .pem file’s private key.
For security, the cursor does not advance as you enter the password.
OpenSSL prompts: Enter Export Password:
- Enter a password to protect the .pfx file’s private key.
OpenSSL prompts: Verifying - Enter Export Password:
- Enter the same .pfx password to verify it.
OpenSSL returns to the command prompt.
- If OpenSSL reports: unable to write 'random state', enter: $env:RANDFILE=".rnd" in PowerShell, or set RANDFILE=.rnd at a cmd prompt.
The message means that no default filename is known because neither RANDFILE nor HOME is set. As a result, the program cannot
create the .pfx file. Only the OpenSSL command-line tools use the RANDFILE environment variable and the $HOME/.rnd file.
- After setting RANDFILE, execute the openssl command again.
- Confirm that the .pfx file is now in the folder with the .pem certificate file.
You are ready to import this file into the Windows certificate store.
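Before importing, you can confirm that the .pfx file opens with the export password, contains the private key, and holds the same certificate as the .pem file. The following PowerShell check is an added example, not part of the original procedure; it assumes both files are in the current folder and that the first certificate block in certxprotect.pem is the server certificate.

```powershell
# Added example (not from the original procedure). Run in PowerShell from the
# folder that holds certxprotect.pem and certxprotect.pfx.
# Full paths are built because .NET does not follow PowerShell's current location.
$pfxPath = Join-Path $PWD.Path 'certxprotect.pfx'
$pemPath = Join-Path $PWD.Path 'certxprotect.pem'

# Prompt for the export password so it never lands in a script or command history.
$pfxPassword = Read-Host -Prompt 'Export password for certxprotect.pfx' -AsSecureString

# Opening the file throws if the password is wrong or the file is damaged.
$pfxCert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($pfxPath, $pfxPassword)

# Read the first CERTIFICATE block from the .pem file
# (assumption: this block is the server certificate, not a CA certificate).
$pemText = Get-Content -Raw -Path $pemPath
if ($pemText -notmatch '(?s)-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----') {
    throw "No certificate block found in $pemPath"
}
$der     = [Convert]::FromBase64String(($Matches[1] -replace '\s', ''))
$pemCert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($der)

# Collect the three checks that matter before the import.
$result = [pscustomobject]@{
    Subject       = $pfxCert.Subject
    NotAfter      = $pfxCert.NotAfter
    HasPrivateKey = $pfxCert.HasPrivateKey                            # key was exported into the .pfx
    MatchesPem    = ($pfxCert.Thumbprint -eq $pemCert.Thumbprint)     # same certificate as the .pem
    NotExpired    = ($pfxCert.NotAfter -gt (Get-Date))
}
$result | Format-List

if (-not ($result.HasPrivateKey -and $result.MatchesPem -and $result.NotExpired)) {
    Write-Warning 'Check failed: do not import this .pfx until the item marked False is resolved.'
}

# Release the in-memory certificate objects.
$pfxCert.Dispose()
$pemCert.Dispose()
```

If HasPrivateKey is False, the .pem file did not contain the private key when the .pfx was created, and the service cannot use the imported certificate.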