在项目实施的过程中需要把IHS上面的SSL证书导出,去申请CDN,或者把证书导入到F5等负载均衡设备做SSL off load的工作。以下为到处IHS 的ssl服务器证书私钥的方法:
1) 用Ikeyman打开Key文件。
2) 选择personal certificate,点export.
3) 选择PKCS12文件类型,输入文件名,点OK.
4) 输入PKCS12文件的password,点OK.
5) 安装OpenSSL,在AIX上需要另外安装。找台Linux服务来做会比较方便。
6) 用OpenSSL从p12文件解开私钥:
openssl pkcs12 -in mycert_export.p12 -out mycert_private.key -nodes -nocerts
7) 用OpenSSL从p12文件解开服务器证书cert:
openssl pkcs12 -in mycert_export.p12 -out mycert_public.cer -nodes -nokeys

以下是一个例子:
root@mytest:/tmp/keys/>openssl pkcs12 -in keys.p12 -out private.key -nodes -nocerts
Enter Import Password:
MAC verified OK
root@mytest:/tmp/keys/>ls -lrt
total 136
-rw-r--r-- 1 root root 80 Feb 10 12:25 key.crl
-rw-r--r-- 1 root root 115080 Feb 10 12:25 key.kdb
-rw-r--r-- 1 root root 80 Feb 10 12:25 key.rdb
-rw-r--r-- 1 root root 2394 Feb 10 12:27 keys.p12
-rw-r--r-- 1 root root 1803 Feb 10 12:30 private.key
root@mytest:/tmp/keys/>cat private.key
Bag Attributes
localKeyID: 31 33 32 38 38 34 38 30 33 33 35 34 34
friendlyName: server
Key Attributes:
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAuh2lhYnaFDQPyKMXCbyHW+TITfsjB1351u3QkxFfzyKD6SJZ
1zcJ9ZAvA42JLOUg2zfSGDksp4V0lZc/Mu9NW5dVGeIVTmiJ4ceqKFqUxipxMuMh
73ZoX9qCMMpCUD4/kXKMpRxv1SqUuQd/a3M1TZdKKehIBjlgzE3/5elo/ZMSEE3q
mXoVYbAVbiM0OKrIDHcvigcHrFLF4hA6DXPzWc28mItKBRSNAmAU3O1l52tIGh/s
36wjghs8+qwXlWyUDKA4d6zeD3e/utJtXWvcTS9T4nigq2Y2o4t8SFHyO6OSEPkT
6iTmFBp4+zGNezEYbrjV5yVV7uwB87sxVzkDZQIDAQABAoIBAD7Lge1sdYgbiLfJ
TxyZ35HBv1OQSGFT89fwpU75rbnVi2w9itJyX4na/AHW31GmfU95pglGQSrEfHF8
dnZZB2C/zpbNESNDYkIre93hshCqgUcKG4kQCmdM8mBD3dv1JL2OSKXs0k657zP+
s58tX+6t/Pfmx2ZSNba5Gn4YIrRrN2tw4WNaTkugw/DVeacegS/maEBORTibtuX2
YvISnyF4svrTIxQ5aICRZgMlBYZGIK2nYldEIwnc4rsyRmWvqGlkbT3O8sbufoIO
M89hq5BET7+csijpRs7S44qvROp84eb56XiViIjN7VAI/6oYt7JvZGKgU0y1ey51
Etc3HAECgYEA4dnCQ3+kf3c2qHKqlemW3aVfnIYogDUU3oRCIkLwrAcMlF3XI3+f
ZYDtjGm43wDO3dxTLmSC+G9eJN3F+YOFmO5oUr9Y1jdObmUITcnwkAafsYrkusJs
pA2jVVyxoUSsMmnPcP+LnhQkhCUWIVD+CipXet+YgZLBMWUeCDHskHkCgYEA0vX8
f/duBJ6497UoGnVT6X62+HLAdNy96NQ0Pdoxkwndcngh1grex0BQX3WruGn+4a04
XiwskYiNKCKVVbwRDVoWStWj3J2ceSe0AxPJ5dDvlnD/IX31r5MEGH/4Ty9CEREq
7YnqZyOjFXZD/khL22HvuanDxt828vdFV68AR00CgYAlPTiQ1J0U/10dzTpfWZKs
nTX0oxJOgXIddoVJDOyOEON8GzT7/3ES1X1Vp6D59DIn1spIXf5SZFqLjZ21FICU
xMqiyjYlrBzciwAhg2iM9uqh5ZrtSF2Nd0o1KwGG68HQ1i2EHj6xI/UZbNwHRkl8
95pRAkktJDuCn3+iLkkpUQKBgCmJlbX8mgT+25yqZsMO5v7KnGw+6/YWoK3/Wmnz
VF+HSbsIPGFQspy45RpmqPEerbjxym+AcyYUpPaKGK1Q4mqmmk0R07nUrsKMNr2E
X/SINySACzwk+QMhB2VrjRDKVU/W+YTb6vNz6OCI8MpYodcIaZM9AfdebAta9KRX
KM7hAoGASP3UL3wAKDMrWFk8TRPuGz6F175oIDWeUEF3KjyNitGmqNAw9aUbFQ/v
YYAr3lleeFGR+KRhIMrltqqmM8sQ3z0Rc6Twk/V/xplFgdoolxrH4TfG9fMDf0DO
QBSCUIwrWHFJ2Ai1VJykm2GK0K7MWdcNSpfVmBpXD3+NfEWzoPs=
-----END RSA PRIVATE KEY-----