Document directory
- 1. Certificate Format
- 2. Conversion Method
1. Certificate Format PEM format
PEM format is usually used by a digital certificate authority (CA). The extension is. Pem,. crt,. cer, and. key. The content is a base64 encoded ASCII file, which has headers and backend tags similar to "----- begin certificate -----" and "----- end certificate. Server authentication certificates, intermediate authentication certificates and private keys can be stored in the PEM format (the certificate is actually a public key ). Apache and similar servers use PEM certificates.
Der format
Der format differs from PEM in that it uses binary instead of base64 encoded ASCII. The extension is. Der, But it is also frequently used. CerUsed as the extension. All types of authentication certificates and private keys can be stored in der format. Java makes it a typical platform.
PKCS #7/p7b format
PKCS #7 or p7b is usually stored in base64 format with the extension. P7b or. p7cAnd has a header and tail marker similar to begin pkcs7 ----- "and" ----- end pkcs7. PKCS #7 or p7b can only store certificates in the authentication certificate or certificate path (that is, the certificate chain, current level, superior level, and root level are stored in a file ). Private Keys cannot be stored. Both windows and tomcat support this format.
PKCS #12/pfx format
PKCS #12 or pfx format isEncryptionServer certificate, intermediate certificate, and private key are stored in binary format. The extension is. Pfx and. p12Pxf is usually used to import and export authentication certificates and private keys in windows.
2. You can use the OpenSSL command line tool to convert different certificate formats.
PEM to DER
openssl x509 -outform der -in certificate.pem -out certificate.der
PEM to P7B
openssl crl2pkcs7 -nocrl -certfile certificate.cer -out certificate.p7b -certfile CACert.cer
PEM to PFX
openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt
DER to PEM
openssl x509 -inform der -in certificate.cer -out certificate.pem
P7B to PEM
openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer
PFX to PEM
openssl pkcs12 -in certificate.pfx -out certificate.cer -nodes
After pxf is switched to PEMcertificate.cer
The file contains the authentication certificate and private key, which must be stored separately for use.