Extract Key and Certificate from Kemp Loadmaster?

Posted by Matt Simmons on Server Fault
Published on 2011-01-24T01:01:18Z

I'm trying very hard to get away from a set of Kemp Loadmasters that I bought years ago to provide HA access to our website. Part of that process is going to be putting the key and certificate in the new solution (HAProxy with nginx doing SSL). Unfortunately, I've come up against a problem...

The Kemp has built-in certificate management, and it generates CSRs at the touch of a button. It also supported importing of signed certificates; however, it does not, so far as I can tell, allow any kind of export of the key itself.

There is a "backup key and certificates" ability, however here's the text from the manual:

LoadMaster supports exporting of ALL certificate information.  
This includes private key, host and intermediate certificates.  
The export file is designed to be used for import into another 
LoadMaster and is encrypted.  Export and import can be completed 
using the WUI at Certificates -> Backup/Restore Certs.  Please 
make sure to note the pass phrase used to create the export, it 
will be required to complete the import. 

You can selectively resort only Virtual Service certificates 
including private keys, intermediate certificates or both.

Well, that is great, but as for actually DEALING with the certs, I'm apparently out of luck.

Of course, I'm not going to give up that easily. I ran "file" on the saved cert bundle and got this:

$ file client1.certs.backup 
client1.certs.backup: gzip compressed data, from Unix

Well, awesome, I thought. Maybe it's just a .tar.gz, so I unzipped it, and that went fine, but my attempts to untar it didn't work, and running "file" on it now just gives this:

$ file client1.certs.backup 
client1.certs.backup: data

So that's where I'm stuck. Anyone have experience with these?
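
An added example, not part of the original post and not Kemp code: a triage of the gzip-then-"data" result described above, showing why "file" reports only "data" when the inner payload has no recognizable magic bytes. The signatures checked are generic file-format markers, not a known LoadMaster export layout, and the sample input is constructed.

```python
import gzip, hashlib, math
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; values near 8.0 suggest encrypted or compressed data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify_payload(payload: bytes) -> str:
    """Best-effort guess from generic signatures (none are Kemp-specific)."""
    if payload[257:262] == b"ustar":
        return "tar archive"
    if payload.startswith(b"-----BEGIN "):
        return "PEM text"
    if payload.startswith(b"Salted__"):
        return "openssl enc output (salted, passphrase-derived key)"
    if payload[:2] == b"\x30\x82":
        return "possible DER (ASN.1 SEQUENCE)"
    if shannon_entropy(payload[:65536]) > 7.5:
        return "high-entropy data, no known magic (likely encrypted)"
    return "unknown"

def triage(blob: bytes) -> str:
    """Strip one gzip layer in memory if present, then classify what is left."""
    if blob[:2] == b"\x1f\x8b":  # gzip magic, what `file` first reported
        blob = gzip.decompress(blob)
    return classify_payload(blob)

def constructed_sample() -> bytes:
    """Constructed stand-in for a backup file: gzip around pseudo-random bytes."""
    stream = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    return gzip.compress(b"\x00" + stream)

if __name__ == "__main__":
    print(triage(constructed_sample()))
```

A high-entropy result with no magic is consistent with the manual's statement that the export is encrypted with the pass phrase; it does not identify the cipher or container used.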