The SSL certificate formats used by different platforms and languages are often different. Here we record some common conversion methods.
All are converted using OpenSSL or keytool. You do not need to implement the conversion using your own code. You can replace the corresponding file name in use.
-------------------------------------- I am a split line -----------------------------------------
# Convert CRT to pfx (p12)
OpenSSL PKCS12-export-inkey server. Key-in server. CRT-out server. pfx
# CSR to pfx (p12)
OpenSSL PKCS12-export-inkey server. Key-in server. CSR-out server. pfx
# Pfx to jks
Keytool-importkeystore-v-srckeystore client. pfx-srcstoretype PKCS12-destkeystore client. keystore-deststoretype jks
# Converting jks to p12 (pfx)
Keytool-importkeystore-srckeystore client_pri.keystore-destkeystore client_pri.p12-srcstoretype jks-deststoretype PKCS12-srcalias imgo. TV-destalias imgo. TV-noprompt
# Pfx to X509
OpenSSL PKCS12-In onovps.com. pfx-nodes-out onovps.com. pem
OpenSSL RSA-In onovps.com. pem-out onovps.com. Key
OpenSSL X509-In onovps.com. pem-out onovps.com. CRT
-------------------------------------- I am a split line ---------------------------------------
To generate a certificate, I generally use OpenSSL to generate it as follows:
OpenSSL genrsa-des3-out server. Key 1024
OpenSSL req-New-key server. Key-out server. CSR
OpenSSL RSA-in server. Key-out server. Key
# If no Ca is available, issue your own certificate.
OpenSSL X509-req-days 365-in server. CSR-signkey server. Key-out server. CRT