Hi Marvin,

I have configured OpenSSL and I am using it to attempt to run through this guide - https://www.linkedin.com/pulse/anyconnect-ftd-pkcs12-openssl-matt-albrecht/

Issue I am now having is seen below and the first command is failing..

openssl pkcs12 -in <id_cert.pfx> -nocerts -out privateKey.key

User@B3SH4FS3 MSYS /c/Users/User/Downloads
$ openssl pkcs12 -in cert-wildcard-2024.pfx -nocerts -out privateKey.key
E82D0000:error:068000A8:asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1186:
E82D0000:error:0688010A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:349:Type=PKCS12

I have changed the cert file format to pfx and it is in my downloads folder and shows via the openssl ls command..

@NetworkMonkey101 most likely your certificate file "cert-wildcard-2024.pfx" is not a binary blob with the certificate and private key but it instead a Base64-encoded certificate. You can check it via opening with a text editor to confirm.

You must first export the certificate and key from ASA or FTD as a PKCS12 (*.p12 file) which will include the private key. HAving that private key is a requirement to make the certificate "portable".

It then needs to be converted from base64 to pem (*.pfx file) format using openssl.

If you don't currently have a good certificate, you can follow this method: https://www.fragmentationneeded.net/2015/04/exporting-rsa-keys-from-cisco-asa.html

You can then export with the chain via openssl.

PS C:\Program Files\OpenSSL-Win64\bin> ./openssl base64 -in .\<cert name>.p12 -d -out .\<cert name>.pfx
PS C:\Program Files\OpenSSL-Win64\bin> ./openssl pkcs12 -info -in .\<cert name> -nodes