Certificate Format description and conversion between different formats

Source: Internet
Author: User
Tags openssl x509 pkcs12 pkcs7
Document directory
  • 1. Certificate Format
  • 2. Conversion Method
1. Certificate Format PEM format

PEM format is usually used by a digital certificate authority (CA). The extension is. Pem,. crt,. cer, and. key. The content is a base64 encoded ASCII file, which has headers and backend tags similar to "----- begin certificate -----" and "----- end certificate. Server authentication certificates, intermediate authentication certificates and private keys can be stored in the PEM format (the certificate is actually a public key ). Apache and similar servers use PEM certificates.

Der format

Der format differs from PEM in that it uses binary instead of base64 encoded ASCII. The extension is. Der, But it is also frequently used. CerUsed as the extension. All types of authentication certificates and private keys can be stored in der format. Java makes it a typical platform.

PKCS #7/p7b format

PKCS #7 or p7b is usually stored in base64 format with the extension. P7b or. p7cAnd has a header and tail marker similar to begin pkcs7 ----- "and" ----- end pkcs7. PKCS #7 or p7b can only store certificates in the authentication certificate or certificate path (that is, the certificate chain, current level, superior level, and root level are stored in a file ). Private Keys cannot be stored. Both windows and tomcat support this format.

PKCS #12/pfx format

PKCS #12 or pfx format isEncryptionServer certificate, intermediate certificate, and private key are stored in binary format. The extension is. Pfx and. p12Pxf is usually used to import and export authentication certificates and private keys in windows.

 

2. You can use the OpenSSL command line tool to convert different certificate formats.

 

PEM to DER

openssl x509 -outform der -in certificate.pem -out certificate.der

PEM to P7B

openssl crl2pkcs7 -nocrl -certfile certificate.cer -out certificate.p7b -certfile CACert.cer

PEM to PFX

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt

DER to PEM

openssl x509 -inform der -in certificate.cer -out certificate.pem

P7B to PEM

openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer

PFX to PEM

openssl pkcs12 -in certificate.pfx -out certificate.cer -nodes

After pxf is switched to PEMcertificate.cerThe file contains the authentication certificate and private key, which must be stored separately for use.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.