misc:ssl_certificate
Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
|
misc:ssl_certificate [2023/11/17 17:34] manu created |
misc:ssl_certificate [2023/11/17 17:44] (current) manu [View contents of PEM certificate file] |
||
|---|---|---|---|
| Line 3: | Line 3: | ||
| If your server/device requires a different certificate format other than Base64 encoded X.509, a third party tool such as OpenSSL can be used to convert the certificates into the appropriate format. | If your server/device requires a different certificate format other than Base64 encoded X.509, a third party tool such as OpenSSL can be used to convert the certificates into the appropriate format. | ||
| + | ===== View contents of certificate file ===== | ||
| + | |||
| + | PEM file: | ||
| + | <cli prompt='#'> | ||
| + | # openssl x509 -in CERTIFICATE.pem -text -noout | ||
| + | </cli> | ||
| + | |||
| + | DER file: | ||
| + | <cli prompt='#'> | ||
| + | # openssl x509 -inform der -in CERTIFICATE.der -text -noout | ||
| + | </cli> | ||
| ===== Some common conversion commands are listed below: ===== | ===== Some common conversion commands are listed below: ===== | ||
| Note: The PEM format is the most common format used for certificates. Extensions used for PEM certificates are cer, crt, and pem. They are Base64 encoded ASCII files. The DER format is the binary form of the certificate. DER formatted certificates do not contain the "BEGIN CERTIFICATE/END CERTIFICATE" statements. DER formatted certificates most often use the '.der' extension. | Note: The PEM format is the most common format used for certificates. Extensions used for PEM certificates are cer, crt, and pem. They are Base64 encoded ASCII files. The DER format is the binary form of the certificate. DER formatted certificates do not contain the "BEGIN CERTIFICATE/END CERTIFICATE" statements. DER formatted certificates most often use the '.der' extension. | ||
| + | |||
| ==== Convert x509 to PEM ==== | ==== Convert x509 to PEM ==== | ||
| - | openssl x509 -in certificatename.cer -outform PEM -out certificatename.pem | + | |
| + | <cli prompt='#'> | ||
| + | # openssl x509 -in certificatename.cer -outform PEM -out certificatename.pem | ||
| + | </cli> | ||
| ==== Convert PEM to DER ==== | ==== Convert PEM to DER ==== | ||
| - | openssl x509 -outform der -in certificatename.pem -out certificatename.der | + | |
| + | <cli prompt='#'> | ||
| + | # openssl x509 -outform der -in certificatename.pem -out certificatename.der | ||
| + | </cli> | ||
| ==== Convert DER to PEM ==== | ==== Convert DER to PEM ==== | ||
| - | openssl x509 -inform der -in certificatename.der -out certificatename.pem | + | |
| + | <cli prompt='#'> | ||
| + | # openssl x509 -inform der -in certificatename.der -out certificatename.pem | ||
| + | </cli> | ||
| ==== Convert PEM to P7B ==== | ==== Convert PEM to P7B ==== | ||
| Line 19: | Line 40: | ||
| Note: The PKCS#7 or P7B format is stored in Base64 ASCII format and has a file extension of .p7b or .p7c. | Note: The PKCS#7 or P7B format is stored in Base64 ASCII format and has a file extension of .p7b or .p7c. | ||
| A P7B file only contains certificates and chain certificates (Intermediate CAs), not the private key. The most common platforms that support P7B files are Microsoft Windows and Java Tomcat. | A P7B file only contains certificates and chain certificates (Intermediate CAs), not the private key. The most common platforms that support P7B files are Microsoft Windows and Java Tomcat. | ||
| - | openssl crl2pkcs7 -nocrl -certfile certificatename.pem -out certificatename.p7b -certfile CACert.cer | + | |
| + | <cli prompt='#'> | ||
| + | # openssl crl2pkcs7 -nocrl -certfile certificatename.pem -out certificatename.p7b -certfile CACert.cer | ||
| + | </cli> | ||
| ==== Convert PKCS7 to PEM ==== | ==== Convert PKCS7 to PEM ==== | ||
| - | openssl pkcs7 -print_certs -in certificatename.p7b -out certificatename.pem | ||
| - | Convert pfx to PEM | + | <cli prompt='#'> |
| + | # openssl pkcs7 -print_certs -in certificatename.p7b -out certificatename.pem | ||
| + | </cli> | ||
| + | |||
| + | ==== Convert pfx to PEM ==== | ||
| Note: The PKCS#12 or PFX format is a binary format for storing the server certificate, intermediate certificates, and the private key in one encryptable file. PFX files usually have extensions such as .pfx and .p12. PFX files are typically used on Windows machines to import and export certificates and private keys. | Note: The PKCS#12 or PFX format is a binary format for storing the server certificate, intermediate certificates, and the private key in one encryptable file. PFX files usually have extensions such as .pfx and .p12. PFX files are typically used on Windows machines to import and export certificates and private keys. | ||
| - | openssl pkcs12 -in certificatename.pfx -out certificatename.pem | ||
| - | Convert PFX to PKCS#8 | + | <cli prompt='#'> |
| + | # openssl pkcs12 -in certificatename.pfx -out certificatename.pem | ||
| + | </cli> | ||
| + | |||
| + | ==== Convert PFX to PKCS#8 ==== | ||
| Note: This requires 2 commands | Note: This requires 2 commands | ||
| - | STEP 1: Convert PFX to PEM | ||
| - | openssl pkcs12 -in certificatename.pfx -nocerts -nodes -out certificatename.pem | + | * STEP 1: Convert PFX to PEM |
| - | STEP 2: Convert PEM to PKCS8 | + | <cli prompt='#'> |
| + | # openssl pkcs12 -in certificatename.pfx -nocerts -nodes -out certificatename.pem | ||
| + | </cli> | ||
| - | openSSL pkcs8 -in certificatename.pem -topk8 -nocrypt -out certificatename.pk8 | + | * STEP 2: Convert PEM to PKCS8 |
| - | Convert P7B to PFX | + | <cli prompt='#'> |
| + | # openSSL pkcs8 -in certificatename.pem -topk8 -nocrypt -out certificatename.pk8 | ||
| + | </cli> | ||
| + | |||
| + | ==== Convert P7B to PFX ==== | ||
| Note: This requires 2 commands | Note: This requires 2 commands | ||
| - | STEP 1: Convert P7B to CER | ||
| - | openssl pkcs7 -print_certs -in certificatename.p7b -out certificatename.cer | + | * STEP 1: Convert P7B to CER |
| + | |||
| + | <cli prompt='#'> | ||
| + | # openssl pkcs7 -print_certs -in certificatename.p7b -out certificatename.cer | ||
| + | </cli> | ||
| + | |||
| + | * STEP 2: Convert CER and Private Key to PFX | ||
| - | STEP 2: Convert CER and Private Key to PFX | + | <cli prompt='#'> |
| + | # openssl pkcs12 -export -in certificatename.cer -inkey privateKey.key -out certificatename.pfx -certfile cacert.cer | ||
| + | </cli> | ||
| - | openssl pkcs12 -export -in certificatename.cer -inkey privateKey.key -out certificatename.pfx -certfile cacert.cer | ||
misc/ssl_certificate.1700238881.txt.gz · Last modified: 2023/11/17 17:34 by manu
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3
