When you generate a certificate, as described in the Generate and Download Client Certificates section, the LoadMaster creates a .pem file. Certificate-based authentication requires the certificate to be in PFX format to ensure compatibility with API requests made through a web browser or the LoadMaster Web User Interface (WUI). To enable this functionality, the certificate must first be converted to a .pfx file and then imported into the web browser. Similarly, for certificate-based authentication to work with PowerShell, a .pfx file is required.

There are several ways to convert the .pem file to .pfx. For the purposes of this document, we use OpenSSL. If you are using Windows, you may need to install OpenSSL to run these steps.

To create a .pfx file, follow the steps below:

  1. Open the .pem certificate.
  2. Copy from the start of the -----BEGIN CERTIFICATE----- section to the end of the -----END CERTIFICATE----- section.
  3. Paste this text into a new file.
  4. Save the file as <CerFileName>.cer.
  5. Go to the .pem certificate file again.
  6. Copy from the start of the -----BEGIN RSA PRIVATE KEY----- section to the end of the -----END RSA PRIVATE KEY----- section.
  7. Paste this text into a new file.
  8. Save the file as <KeyFileName>.key.
  9. Use the openssl command to create the .pfx file:

    openssl pkcs12 -export -out <NewFileName>.pfx -inkey <KeyFilename>.key -in <CerFileName>.cer

  10. Import the certificate to the web browser.