Home > Others

Certificate Format description and conversion between different formats

Source: Internet
Author: User
Tags openssl x509 pkcs12 pkcs7
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >
Document directory
  • 1. Certificate Format
  • 2. Conversion Method
1. Certificate Format PEM format

PEM format is usually used by a digital certificate authority (CA). The extension is. Pem,. crt,. cer, and. key. The content is a base64 encoded ASCII file, which has headers and backend tags similar to "----- begin certificate -----" and "----- end certificate. Server authentication certificates, intermediate authentication certificates and private keys can be stored in the PEM format (the certificate is actually a public key ). Apache and similar servers use PEM certificates.

Der format

Der format differs from PEM in that it uses binary instead of base64 encoded ASCII. The extension is. Der, But it is also frequently used. CerUsed as the extension. All types of authentication certificates and private keys can be stored in der format. Java makes it a typical platform.

PKCS #7/p7b format

PKCS #7 or p7b is usually stored in base64 format with the extension. P7b or. p7cAnd has a header and tail marker similar to begin pkcs7 ----- "and" ----- end pkcs7. PKCS #7 or p7b can only store certificates in the authentication certificate or certificate path (that is, the certificate chain, current level, superior level, and root level are stored in a file ). Private Keys cannot be stored. Both windows and tomcat support this format.

PKCS #12/pfx format

PKCS #12 or pfx format isEncryptionServer certificate, intermediate certificate, and private key are stored in binary format. The extension is. Pfx and. p12Pxf is usually used to import and export authentication certificates and private keys in windows.

 

2. You can use the OpenSSL command line tool to convert different certificate formats.

 

PEM to DER

openssl x509 -outform der -in certificate.pem -out certificate.der

PEM to P7B

openssl crl2pkcs7 -nocrl -certfile certificate.cer -out certificate.p7b -certfile CACert.cer

PEM to PFX

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt

DER to PEM

openssl x509 -inform der -in certificate.cer -out certificate.pem

P7B to PEM

openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer

PFX to PEM

openssl pkcs12 -in certificate.pfx -out certificate.cer -nodes

After pxf is switched to PEMcertificate.cerThe file contains the authentication certificate and private key, which must be stored separately for use.

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
difference between type casting and type conversion conversion between roman and arabic numerals difference between key and certificate different date formats different currency formats different date formats in javascript linux date format conversion

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More