PKCS Full name: Public-Key
Cryptography standards , Is created RSA The lab and other security system developers set a series of standards to promote the development of public key cryptography, PKCS Has been released 15 Standards. Commonly used:
PKCS #7 cryptographic message syntax Standard
PKCS #10 certification request Standard
PKCS #12 Personal Information Exchange syntax Standard
X.509Is a common certificate format. All certificates complyPublic Key
Infrastructure (PKI)DevelopedITU-T X509International standards.
PKCS #7The common suffixes are:. P7b. p7c. SPC
PKCS #12Common suffixes include:. P12. pfx
X.509 derEncoding(ASCII)The suffix is:. Der. Cer. CRT
X.509 PamEncoding(Base64)The suffix is:. Pem. Cer. CRT
. Cer/. CRTIs used to store certificates, it is2It is stored in the hexadecimal format, excluding the private key.
. PEM and CRT/CER the difference is that it uses ASCII .
Pfx/P12Used to store personal certificates/Private Key, which usually includes a protected password,2Hexadecimal Mode
P10Yes certificate request
P7rYesCAReply to the certificate request, which is only used for Import
P7bDisplay the certificate chain in a tree(Certificate
Chain)And a single certificate, excluding the private key.
1. caCertificate
Use OpenSSL Create CA Certificate RSA Key (PEM Format ) :
OpenSSL genrsa-des3-out ca. Key 1024
2.CreateCAThe certificate is valid for one year.
Use OpenSSL Create CA Certificate (PEM Format , Assume that the validity period is one year. ) :
OpenSSL req-New-X509-days 365-key ca. Key-out ca. CRT-config
OpenSSL. CNF
OpenSSL Yes Der Format CA Certificate, preferably IE Set PEM Format CA Certificate Der Format CA Certificate.
The generatedCRTFormat certificate importIEAnd then exportCERFormat
3. X509ConvertPfx
OpenSSL PKCS12-export-out server. pfx-inkey server. Key-in
Server. CRT
4. PEM Format Ca. key convert to Microsoft identifiable PVK Format
PVK-in CA. Key-out ca. PVK-nocrypt-topvk
5. PKCS #12ToPEMConversion
OpenSSL PKCS12-nocerts-nodes-In cert. p12-out private. PEM Verification OpenSSL
PKCS12-clcerts-nokeys-In cert. p12-out cert. PEM
6.SlavePfxExtract private key files from a format file(. Key)
OpenSSL PKCS12-In mycert. pfx-nocerts-nodes-out mycert. Key
7.ConversionPEMToSPC
OpenSSL crl2pkcs7-nocrl-certfile
Venus. pem-outform der-Out Venus. SPC
Use-Outform-informSpecifyDerOrPamFormat. For example:
OpenSSL X509-in CERT. pem-inform PEM-out cert. Der-outform der
8. pemToPKCS #12Conversion
OpenSSL PKCS12-export-in CERT. pem-out cert. p12-inkey key. pem
IIS certificate
Cd c: \ OpenSSL set openssl_conf = OpenSSL. CNF OpenSSL PKCS12-export-out server. pfx-inkey
server. key-in server. CRT
server. key and server. CRT file is apache Certificate file, generated server. pfx used for import IIS
9. How to convert pfx certificate to PEM format for soap
$ OpenSSL PKCS12-in test. pfx-out client. pem enter import password: Mac verified OK enter PEM pass phrase: verifying-enter PEM pass phrase: