Certificate conversions
PKCS stands for Public-Key Cryptography Standards, a set of standards developed by RSA Labs and other security system developers to facilitate the development of public key cryptography; there are currently 15 standards in total. Commonly used ones are:
PKCS#7 Cryptographic Message Syntax Standard
PKCS#10 Certification Request Standard
PKCS#12 Personal Information Exchange Syntax Standard
The most common certificate format is the. All certificates conform to the ITU-T X.509 international standard established for Public Key Infrastructure (PKI).
Commonly used PKCS#7 suffixes are: .p7b, .p7c, .spc
Commonly used PKCS#12 suffixes are: .p12, .pfx
Suffixes for DER encoding (ASCII) are: .der, .cer, .crt
Suffixes for Base64 encoding are: .pem, .cer, .crt
.cer/.crt files are used to store certificates; they are stored in binary form and do not contain private keys.
A .pem file differs from a .crt/.cer file in that it is expressed in ASCII.
.pfx/.p12 files are used to store personal certificates and private keys; they are usually password-protected and stored in binary form.
.p10 is a certificate request.
.p7r is the CA's response to a certificate request and is used only for import.
.p7b displays the certificate chain in tree form; it also supports a single certificate and contains no private key.
1. CA Certificate
Create the RSA key (PEM format) for the CA certificate with OpenSSL:
openssl genrsa -des3 -out ca.key 1024
Note that 1024-bit RSA is below the 2048-bit minimum now generally required for CA keys.
2. Create a CA certificate valid for one year
Create the CA certificate with OpenSSL (PEM format, valid for one year):
openssl req -new -x509 -days 365 -key ca.key -out ca.crt -config openssl.cnf
OpenSSL can also generate the CA certificate in DER format, but it is preferable to use IE to convert the PEM-format CA certificate into a DER-format CA certificate.
3. Convert X509 to PFX
openssl pkcs12 -export -out server.pfx -inkey server.key -in server.crt
4. Convert ca.key from PEM format to the PVK format that Microsoft can recognize
pvk -in ca.key -out ca.pvk -nocrypt -topvk
5. Convert PKCS#12 to PEM
openssl pkcs12 -nocerts -nodes -in cert.p12 -out private.pem
Verify:
openssl pkcs12 -clcerts -nokeys -in cert.p12 -out cert.pem
6. Extract the private key file (.key) from a PFX file
openssl pkcs12 -in mycert.pfx -nocerts -nodes -out mycert.key
7. Convert PEM to SPC
openssl crl2pkcs7 -nocrl -certfile venus.pem -outform DER -out venus.spc
Use -outform and -inform to specify DER or PEM format. For example:
openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER
8. Convert PEM to PKCS#12
openssl pkcs12 -export -in cert.pem -out cert.p12 -inkey key.pem
IIS Certificate
cd c:\openssl
set OPENSSL_CONF=openssl.cnf
openssl pkcs12 -export -out server.pfx -inkey server.key -in server.crt
server.key and server.crt are the Apache certificate files; the generated server.pfx is for import into IIS.
9. How to Convert PFX Certificate to PEM Format for SOAP
$ openssl pkcs12 -in test.pfx -out client.pem
Enter Import Password:
MAC verified OK
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
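
Because .cer and .crt appear in both suffix lists above, and because the -nodes commands write private keys without a pass phrase, it helps to classify a file by its content before passing it to -inform or handing it to someone else. The following is an added example, not part of the original page: the function names, the constructed sample bytes and the inner-tag heuristic are assumptions of this example.

```python
import base64
import re

PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)
# First tag inside the outer DER SEQUENCE (heuristic, an assumption of this example).
INNER = {0x30: "certificate or request", 0x06: "PKCS#7", 0x02: "PKCS#12 or bare key"}
# Constructed samples: structurally valid DER, not real certificates or keys.
SAMPLE_CERT_DER = bytes.fromhex("30053003020102")   # SEQUENCE { SEQUENCE { INTEGER 2 } }
SAMPLE_KEY_DER = bytes.fromhex("3003020100")        # SEQUENCE { INTEGER 0 }

def der_kind(data: bytes):
    """Return a kind from INNER if data is exactly one DER SEQUENCE, else None."""
    if len(data) < 2 or data[0] != 0x30 or data[1] == 0x80:
        return None                            # 0x80 = indefinite length: BER, not DER
    n = data[1]
    if n < 0x80:                               # short form: one length byte
        start, length = 2, n
    else:                                      # long form: n & 0x7F length bytes follow
        k = n & 0x7F
        start, length = 2 + k, int.from_bytes(data[2:2 + k], "big")
    if length == 0 or start + length != len(data):
        return None
    return INNER.get(data[start], "unknown")

def key_state(label: str, body: bytes) -> str:
    """Return 'none', 'encrypted' or 'unencrypted' for one PEM block."""
    if not label.endswith("PRIVATE KEY"):
        return "none"
    if label.startswith("ENCRYPTED") or b"Proc-Type: 4,ENCRYPTED" in body:
        return "encrypted"
    return "unencrypted"                       # what the -nodes option writes

def to_pem(der: bytes, label: str) -> bytes:
    """PEM is the Base64 of the DER bytes between BEGIN/END lines."""
    b64 = base64.b64encode(der).decode()
    lines = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{lines}\n-----END {label}-----\n".encode()

def classify(data: bytes) -> dict:
    """Classify by content; 'inform' is the value to pass to openssl -inform."""
    blocks = PEM_BLOCK.findall(data)
    if blocks:
        return {"inform": "PEM",
                "blocks": [(l.decode(), key_state(l.decode(), b)) for l, b in blocks]}
    kind = der_kind(data)
    return {"inform": "DER" if kind else None, "kind": kind}
```

A file such as client.pem from step 9 should report one CERTIFICATE block and one encrypted key block; an "unencrypted" result marks a file that needs the same protection as the original .pfx.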