For EST enrollment, Certificate Enrollment Gateway uses a web front end. The web front end requires an SSL certificate to terminate SSL connections coming from EST clients. The SSL certificate must be stored in a PKCS #12 (P12) file. This P12 file must contain a single server public key and private key pair.
The private key and certificate contained in the P12 file must be the same private key and certificate (not certificate chain) used for the cluster. For information about this private key and certificate, see Issuing TLS certificates for Certificate Enrollment Gateway.
You can use the following OpenSSL command to create the P12 file from the private key and certificate:
openssl pkcs12 -export -out <p12-file> -inkey <private-key> -in <certificate>
Where:
<p12-file> is a path and file name for the P12 file.
<private-key> is the path and file name of the private key file.
<certificate> is the path and file name of the TLS certificate.
For example:
openssl pkcs12 -export -out cluster.p12 -inkey servernokey.key -in server.crt
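Before installing the P12 file, you can confirm that it meets the requirements stated above: a single certificate (not a chain), a single private key that matches it, and the same certificate as the one used for the cluster. The following script is an added example and is not part of the product documentation; the function names, the P12_PASS variable, the sample file names and the sample subject name are assumptions.

```shell
# check_est_p12 <p12-file> <cluster-certificate>
# The password is read from the exported P12_PASS variable, which keeps it off
# the command line. The extracted key stays in a shell variable, never on disk.
check_est_p12() {
    p12=$1 cluster_cert=$2
    certs=$(openssl pkcs12 -in "$p12" -nokeys -passin env:P12_PASS 2>/dev/null) || {
        echo "cannot read $p12 (wrong password or not a P12 file)" >&2; return 2; }
    # Exactly one certificate: a P12 that bundles the chain fails here.
    n_certs=$(printf '%s\n' "$certs" | grep -c 'BEGIN CERTIFICATE' || true)
    [ "$n_certs" -eq 1 ] || { echo "expected 1 certificate, found $n_certs" >&2; return 1; }
    key=$(openssl pkcs12 -in "$p12" -nocerts -nodes -passin env:P12_PASS 2>/dev/null)
    n_keys=$(printf '%s\n' "$key" | grep -c 'BEGIN.*PRIVATE KEY' || true)
    [ "$n_keys" -eq 1 ] || { echo "expected 1 private key, found $n_keys" >&2; return 1; }
    # The key and certificate must form a pair: compare their public keys.
    pub_from_cert=$(printf '%s\n' "$certs" | openssl x509 -noout -pubkey)
    pub_from_key=$(printf '%s\n' "$key" | openssl pkey -pubout)
    [ "$pub_from_cert" = "$pub_from_key" ] || { echo "key does not match certificate" >&2; return 1; }
    # The certificate must be the one used for the cluster.
    fp_p12=$(printf '%s\n' "$certs" | openssl x509 -noout -fingerprint -sha256)
    fp_cluster=$(openssl x509 -in "$cluster_cert" -noout -fingerprint -sha256)
    [ "$fp_p12" = "$fp_cluster" ] || { echo "certificate differs from cluster certificate" >&2; return 1; }
    echo "OK: $p12 holds one key pair matching $cluster_cert"
}

# Constructed sample material for trying the check: a throwaway key, a
# self-signed certificate and a P12 file written to <dir>.
make_sample() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$dir/server.key" \
        -out "$dir/server.crt" -subj "/CN=ceg.example.test" -days 1 2>/dev/null
    openssl pkcs12 -export -out "$dir/cluster.p12" -inkey "$dir/server.key" \
        -in "$dir/server.crt" -passout env:P12_PASS
}
```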