Difference between revisions of "OS4X Core - changing certificate format (PEM & DER)"
Line 38: | Line 38: | ||
If the remote side needs another certificate format, you have to change it. | If the remote side needs another certificate format, you have to change it. | ||
=== Convert from PEM to DER === | === Convert from PEM to DER === | ||
+ | openssl x509 -in inputCertificate.pem -out outputCertificate.der -inform PEM -outform DER | ||
=== Convert from DER to PEM === | === Convert from DER to PEM === | ||
+ | openssl x509 -in inputCertificate.der -out outputCertificate.pem -inform DER -outform PEM |
Revision as of 15:45, 6 November 2012
Some systems (mainly Windows systems) rely on the correct certificate format and/or filename extension. For these, it's important to provide certificates in the requested format.
Formats
Certificates can be saved in different formats. The main used formats are being discussed here.
PEM format
In OS4X, (nearly) all certificates files are used in PEM format. This format is ASCII based, but not human-readable. Example:
-----BEGIN CERTIFICATE----- MIIIDjCCA/agAwIBAgIKDHqkbqj+u6Pu5zANBgkqhkiG9w0BAQUFADCBizELMAkG A1UEBhMCREUxFjAUBgNVBAcMDUhvbHpnZXJsaW5nZW4xFTATBgNVBAoMDGMtd29y a3MgR21iSDEVMBMGA1UECwwMQ2VydGlmaWNhdGVzMREwDwYDVQQDDAhPRlRQMiBD .... .... XzzlP6zaRt8unDhj35nUzCdXUYsm9b1zgSJYuE5B7vu+aMB4/T9i1DhLn8RopIVg /vJihDj34jNKGRFMAIlLirvpn7nJJ2NIE0u+cpF70IcDkZ9Wqduy7OUr+PRz5wB+ 1ZOcWL2hOIxxNP5PcqIYAiwmvjDXfgzJqbPw1qoPYQRxHSo+cMLHDq+7U9cC0AMR 8/o= -----END CERTIFICATE-----
In Windows, these files may have the following file extensions:
.cer .pem
Depending on your system, you can directly import these certificates. Maybe you need to rename the file extension from ".pem
" to ".cer
".
DER format
The DER format is a binary formatted file which is not human-readable. Windows system often refer to the certificate filename extension "<code".der".
Converting line ending
If the Windows based system is not able to import your certificate, it may be needed to change the Unix line ending ("line feed") to the Windows format ("carriage return & line feed"). You can make this conversion in several ways:
root@os4xbox:/tmp# unix2dos certificateFile.cer unix2dos: File certificateFile.cer will be formatted to DOS format ...
Using "sed
" (i.e. if "unix2dos" is not installed):
sed 's/$'"/`echo \\\r`/" certificateFile.cer > certificateFile_windows.cer
Converting file format
If the remote side needs another certificate format, you have to change it.
Convert from PEM to DER
openssl x509 -in inputCertificate.pem -out outputCertificate.der -inform PEM -outform DER
Convert from DER to PEM
openssl x509 -in inputCertificate.der -out outputCertificate.pem -inform DER -outform PEM