Generate .p15 (PKCS#15) file with key/certificate?


#1

Kind of an oddball question, I expect, but since Let’s Encrypt is up and running and giving free, trusted TLS certs, I want to ENCRYPT ALL THE THINGS!! Including internal servers, which don’t really need trusted certs, but browsers are getting pickier all the time about dealing with self-signed certs.

The current example is an APC UPS with the Network Management Card 2. That card gives a pretty nice web UI, SNMP capabilities, etc., and supports TLS connections for the web UI. It also allows you to upload your own TLS cert to the unit, rather than relying only on an auto-generated cert on the unit.

The problem is that it requires the cert to be in a .p15 format. Some Googling last night didn’t turn up a great deal of information on this format, and what I did find seemed more related to smart cards than to anything I’m interested in. I understand that it’s somewhat similar to PKCS#12, in that a private key and a certificate are bundled into the same file. Is there any way I can turn the cert/chain/key files from Let’s Encrypt into a .p15 file for the UPS?


#2

./pemtrans file.key file.crt keyset.p15 "common name" "password"

If pemtrans doesn’t work for your device, try the APC-specific fork - https://github.com/freddy36/apc_tools


#3

Ah, I’d seen pemtrans, but didn’t quite see how it would work with my device. The APC fork, though, looks like just what I need. Thanks!


#4

Did you ever get something automated to use letsencrypt certs on APC equipment? The short expiration window kills any idea of doing this manually.

Thanks!


#5

No, I gave up on the idea. I wasn’t able to make pemtrans work, but even if I had I didn’t see that there was a way to automate deployment.