I have a wildcard.pfx certificate which I need to use in my vCD instance.  Here are the steps to convert the certificate and import into vCD:

1. Convert the pfx to pem:
   1. openssl pkcs12 -in certificate.pfx -out certificate.cer –nodes
2. Extract the private key from the certificate.cer.
   1. copy from —–BEGIN PRIVATE CERTIFICATE—–
   2. to end of —–END PRIVATE CERTIFICATE—–
   3. Create new file called certificate.key and paste
3. Recreate pfx and set alias for http
   1. openssl pkcs12 -export -in certificate.cer -inkey certificate.key -name http -passout pass:yourpassword -out http.pfx
4. Recreate pfx and set alias for consoleproxy
   1. openssl pkcs12 -export -in certificate.cer -inkey certificate.key -name consoleproxy -passout pass:yourpassword -out consoleproxy.pfx
5. Import the 2 PKCS12 keystores into Java keystore using keystore
   1. ./keytool -importkeystore -srckeystore http.pfx -srcstoretype PKCS12 -destkeystore certificate.ks -deststoretype JCEKS -deststorepass yourpassword -srcalias http -destalias http -srcstorepass yourpassword
   2. ./keytool -importkeystore -srckeystore consoleproxy.pfx -srcstoretype PKCS12 -destkeystore certificate.ks -deststoretype JCEKS -deststorepass yourpassword -srcalias consoleproxy -destalias consoleproxy -srcstorepass yourpassword
6. Now import the root and intermediate certificates (if any) to the same keystore
   1. ./keytool -importcert -alias root -file GeoTrust_Global_CA.cer -storetype JCEKS -keystore certificate.ks -storepass yourpassword
   2. keytool -importcert -alias intermediate -file RapidSSL.cer -storetype JCEKS -keystore certificate.ks -storepass yourpassword