To enable the HTTPS domain domainutility required the PEM format certificate. But, some users get the pfx certificate from the third party. Also sometime faces the below error while trying to enable the https domain.
com.tibco.security.AXSecurityException: No certificates encoded in supported ways were found Caused by: com.tbco.security.AXSecurityException: java.security.cert.CertificateException: Error in parsing certificate: java.lang.String incompatible with java.math.BigInteger
Use the below steps to convert the certificate in PEM format.
Step 1: Obtaining the embedded private key in PEM format
openssl pkcs12 -in "cep test ssl private key.pfx" -nocerts -out key.pem -nodes
Step 2: Converting PEM key into a PKCS#8 key and name it “key.p8”
Uses the private key obtained in step 1 above and converts it to PKCS#8 format.
openssl pkcs12 -topk8 -inform PEM -outform PEM -in key.pem -out key.p8.
Step 3: Extract Server certificate , Obtaining the embedded certificate without any keys
openssl pkcs12 -in "cep test ssl private key.pfx" -clcerts -nokeys -out Server_cert.cer.
Step 4: Extract CA Chain certificates
openssl pkcs12 -in "cep test ssl private key.pfx" -cacerts -nokeys -out cacerts.cer.
Step 5: Export the certificate
openssl pkcs12 -in "cep test ssl private key.pfx" -nokeys -out cert.pem
Place this all files in the SSL directory present under <TIBCO_HOME>/administrator/domain/<DOMAIN_NAME>/
Now you can use the DomainUtility to install the certificate for your domain. Visit Enabling HTTPS using DomianUtility if you are not sure on how to do it.