Openssl: Difference between revisions
No edit summary (change visibility) |
No edit summary (change visibility) |
||
| Line 22: | Line 22: | ||
|} | |} | ||
= View = | |||
== View PEM encoded certificate == | |||
Use the command that has the extension of your certificate replacing cert.xxx with the name of your certificate | |||
<syntaxhighlight lang="console"> | |||
openssl x509 -in cert.pem -text -noout | |||
openssl x509 -in cert.cer -text -noout | |||
openssl x509 -in cert.crt -text -noout | |||
</syntaxhighlight> | |||
If you get the folowing error it means that you are trying to view a DER encoded certifciate and need to use the commands in the “View DER encoded certificate below” | |||
<syntaxhighlight lang="console"> | |||
unable to load certificate | |||
12626:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:647:Expecting: TRUSTED CERTIFICATE | |||
</syntaxhighlight> | |||
== View DER encoded Certificate == | |||
<syntaxhighlight lang="console"> | |||
openssl x509 -in certificate.der -inform der -text -noout | |||
</syntaxhighlight> | |||
If you get the following error it means that you are trying to view a PEM encoded certificate with a command meant for DER encoded certs. Use a command in the “View PEM encoded certificate above | |||
<syntaxhighlight lang="console"> | |||
unable to load certificate | |||
13978:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1306: | |||
13978:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:380:Type=X509 | |||
</syntaxhighlight> | |||
https://support.ssl.com/Knowledgebase/Article/View/19/0/der-vs-crt-vs-cer-vs-pem-certificates-and-how-to-convert-them | |||
https://www.sslshopper.com/ssl-converter.html | https://www.sslshopper.com/ssl-converter.html | ||
Revision as of 12:07, 5 December 2016
Some usefull Openssl commands
| Comment | Command |
|---|---|
| Convert pem (base64 certfiles) to pfx | openssl pkcs12 -inkey privatekey.pem -in publiccert.pem -export -out output.pfx |
| remove passphrase from private key file | openssl rsa -in EncryptedPrivateKey.pem -out PrivateKey.pem |
| convert private key to aes192 encrypted private key | openssl rsa -in file.key -out aes192.key -aes192 |
| match public and private key |
openssl x509 -in cert.crt -text -noout -modulus openssl rsa -in file.key -check -modulus manually match moduli |
| read and verify private key | openssl rsa -in file.key -text -check |
View
View PEM encoded certificate
Use the command that has the extension of your certificate replacing cert.xxx with the name of your certificate
openssl x509 -in cert.pem -text -noout
openssl x509 -in cert.cer -text -noout
openssl x509 -in cert.crt -text -noout
If you get the folowing error it means that you are trying to view a DER encoded certifciate and need to use the commands in the “View DER encoded certificate below”
unable to load certificate
12626:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:647:Expecting: TRUSTED CERTIFICATE
View DER encoded Certificate
openssl x509 -in certificate.der -inform der -text -noout
If you get the following error it means that you are trying to view a PEM encoded certificate with a command meant for DER encoded certs. Use a command in the “View PEM encoded certificate above
unable to load certificate
13978:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1306:
13978:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:380:Type=X509
https://support.ssl.com/Knowledgebase/Article/View/19/0/der-vs-crt-vs-cer-vs-pem-certificates-and-how-to-convert-them https://www.sslshopper.com/ssl-converter.html