(SP/Propel) Support Tip: how to apply and verify custom SSL certificates in SMSP and Propel

1. how to replace with custom SSL certificaties in SMSP

 - please refer to official document.


2. how to verify custom SSL certificates files

 1) SSL certificates files in SMSP


      CA.crt      // Certified Authority certification file, PEM format

      .keystore   // Java Keystore file where Propel/SMSP host's certification is imported

      propel_host.chain.crt // merged PEM format certification for CA.crt, propel_host.crt and other certified hosts

      propel_host.crt      // Propel/SMSP host's certification file, PEM format

      propel_host.key.rsa // Propel/SMSP host's RSA private key

      propel_host.pfx    // Propel/SMSP host's KCS#12 format

      propel.truststore   // Java Keystore file where all trusted host certifications are imported



2) verification  ( same to any set of certification files, OOB and custom both )

  • CA.crt

% openssl x509 -issuer -subject -dates -noout -in CA.crt



  • .keystore

% keytool -list -v -keystore .keystore


propel2014 as default password


  • propel_host.chain.crt

% openssl x509 -issuer -subject -dates -noout -in propel_host.chain.crt



  • propel_host.crt

% openssl x509 -issuer -subject -dates -noout -in propel_host.crt



  • propel_host.key.rsa

We can see details of private key by below command, however, it is more important to verify matching between private key and public key

%openssl rsa -noout -text -in propel_host.key.rsa

 verify matching between private key(propel_host.key.rsa) and public key(propel_host.crt)

% openssl x509 -pubkey -in propel_host.crt -noout | openssl md5

% openssl pkey -pubout -in propel_host.key.rsa | openssl md5



  • propel_host.pfx

% openssl pkcs12 -info -in propel_host.pfx


propel2014 as default password


  • propel.truststore

% keytool -list -v -keystore propel.truststore


propel2014 as default password