03-27-2022 04:34 PM
I am trying to protect PowerSchool SIS via SAML and according to their documentation, they require a .PFX certificate to be uploaded. Are there any plans to support downloading the certificate from the protected applications in .PFX format in Duo?
03-29-2022 06:19 AM
Hi @Jderoy, Welcome to the Duo Community! Thanks for sharing your question here. There are no plans at this time to support PFX certificates. There is an open feature request for this functionality, however, that is under consideration. You can add your name to the feature request by contacting Duo Support, or your Customer Success Manager or Account Executive if you are a Duo Care customer.
In the meantime, if you do export a new or existing PFX certificate from IIS, it may be possible to convert it into a PEM file for use in the Duo Authentication Proxy. Follow the steps below when you are at the stage of exporting:
-----BEGIN RSA PRIVATE KEY-----
to -----END RSA PRIVATE KEY-----
(including the begin and end lines themselves) and paste that into a new text file MyKeyFile.key.-----BEGIN CERTIFICATE-----
to -----END CERTIFICATE-----
and paste that into a new text file MyCertFile.pem (or MyCertFile.crt - either is fine, but Windows doesn’t really know what to do with a .pem file).ldap_server_auto: ssl_key_path=MyKeyFile.key
and ssl_cert_path=MyCertFile.pem.
ETA: I just realized you need the opposite of the answer I shared. There is a discussion on Stackoverflow on how to convert a CERT/PEM certificate to a PFX certificate which may be helpful here
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide