When implementing a KEMP LoadMaster load balancer, one of the first configuration tasks performed is importing root and intermediate Certification Authority (CA) certificates. When doing this, it is not uncommon to encounter the following error message.
Certificate Format Invalid.
To resolve this issue, .CER files must first be converted to .PEM format before being imported in to the LoadMaster. Using OpenSSL, .CER files can quickly be converted to .PEM with the following command.
openssl x509 -inform der -in example.cer -out example.pem
Optionally, .CER files can be converted to .PEM online here.
If the root and/or intermediate certificates are from an internal PKI, export the certificates using the Base-64 encoded x.509 (.CER) option. Certificates exported using this format can be imported directly in to the LoadMaster without first having to be converted to .PEM.
Pro tip: When entering the Certificate Name, it is not necessary to enter a file extension. The name will be appended with .PEM automatically upon import.
Additional Resources
DirectAccess Deployment Guide for KEMP LoadMaster Load Balancers
Maximize Your Investment in Windows 10 with KEMP LoadMaster Load Balancers
DirectAccess and the FREE KEMP LoadMaster Load Balancer
Configure KEMP LoadMaster Load Balancer for DirectAccess Network Location Server (NLS)
Planning and Implementing DirectAccess Video Training Course on Pluralsight
1 Comment