If you buy a certificate that’s a private key in PEM or another format, you must convert it to PKCS#12 to import it to your Fortinet Firewall, or Windows Server.
Certificate files can often be obtained in different formats. For example, the PEM format is often used in a Linux environment. Your files might have a certificate file, key file, and CSR file with the following extensions:
Most of the time CRT file contains the SSL certificate that was sent by the CA. The CSR file is the original certificate signing request file and is not needed once the CRT is obtained. The KEY file contains the private key. This file should not be shared.
To complete the conversion there are a couple of prerequisites that we need to verify.
Verify that OpenSSL is installed on the system. You can download OpenSSL from here.
You will also need the root certificate of the SSL certificate that was sent from the CA is on the system.
Convert a CRT File to PKCS#12
Copy the CRT and KEY files to the OpenSSL installation directory. For example:
/private/etc/ssl #(on my mac)
or use the command below to find it.
openssl version -a
Open a Windows command prompt and, if necessary, navigate to the OpenSSL installation directory.
Generate a PKCS#12 (PFX) Keystore file from the certificate file and your private key:
#openssl pkcs12 -export -out myserver.p12 -inkey myserver.key -in myserver.crt -certfile CACert.crt
In this example, CACert.crt is the name of the root certificate that was sent by the certificate authority.