Difference between revisions of "OS4X Core - list of support certificate formats"

From OS4X
Line 52: Line 52:
  
 
=== Support in OS4X ===
 
=== Support in OS4X ===
PKCS#7 certificate archives are supported to be imported in the trusted certificates store. Each certificate included in the archive is being extracted as a separate certificate.
+
PKCS#7 certificate archives are supported to be imported in the trusted certificates store. Each certificate included in the archive is being extracted as a separate PEM formatted certificate.
  
 
== PKCS#7 DER Formatted certificate archives ==
 
== PKCS#7 DER Formatted certificate archives ==
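Review bot: the wording of the changed sentence at line 52 is awkward ("are supported to be imported in", "is being extracted as"); suggest "PKCS#7 certificate archives can be imported into the trusted certificates store. Each certificate included in the archive is extracted as a separate PEM formatted certificate."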

Revision as of 12:30, 2 December 2016

Background

Several formats exist for handling X509v3 certificates and keys. In general, file suffixes (such as ".cer", ".der", ".pem" or others) are only a hint of which format a file contains; they do not necessarily mean that the file really is in that format. So, when dealing with several file formats, you will have to determine which certificate format the file really contains.
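As an added example (not part of OS4X or the original page), the following Python determines the format from a file's bytes instead of its suffix, using the PEM header lines and the outer ASN.1 structure. The function names, return labels and the two sample byte strings are constructed for this illustration.

```python
import base64
import re

# DER bytes of OID 1.2.840.113549.1.7.2 (PKCS#7 signedData, used for cert archives)
SIGNED_DATA_OID = bytes.fromhex("2a864886f70d010702")
PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

# Constructed structural skeletons (not real certificates), enough to exercise the sniffer.
SAMPLE_X509_DER = bytes.fromhex("30073005a003020102")
SAMPLE_PKCS7_DER = bytes.fromhex("300b06092a864886f70d010702")


def der_header(buf, pos=0):
    """Return (tag, content_start, content_length) of the DER TLV at pos."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:                      # short form length
        return tag, pos + 2, first
    n = first & 0x7F                      # long form: n length bytes follow
    if not 1 <= n <= 4:
        raise ValueError("unsupported DER length")
    return tag, pos + 2 + n, int.from_bytes(buf[pos + 2:pos + 2 + n], "big")


def classify_der(buf):
    """Classify binary content by its outer ASN.1 structure, not by file name."""
    try:
        tag, start, length = der_header(buf)
        if tag != 0x30 or start + length > len(buf):
            return "unknown"              # not a complete outer SEQUENCE
        inner_tag, istart, ilen = der_header(buf, start)
        if inner_tag == 0x30 and ilen and buf[istart] == 0xA0:
            return "x509"                 # tbsCertificate with explicit [0] version (v3)
        if inner_tag == 0x06 and buf[istart:istart + ilen] == SIGNED_DATA_OID:
            return "pkcs7"                # ContentInfo whose type is signedData
    except (IndexError, ValueError):
        pass                              # truncated or malformed input
    return "unknown"


def detect_format(data):
    """Return (encoding, pem_label, content) for the raw bytes of a file."""
    m = PEM_RE.search(data)
    if not m:
        return ("der", None, classify_der(data))
    try:
        body = base64.b64decode(b"".join(m.group(2).split()), validate=True)
    except ValueError:                    # header present, body is not valid BASE64
        return ("pem", m.group(1).decode(), "unknown")
    return ("pem", m.group(1).decode(), classify_der(body))
```

A result such as `("pem", "CERTIFICATE", "pkcs7")` shows that even the PEM header line can disagree with the content, so the decoded structure is what should decide how the file is imported.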

This is a list of supported certificate formats which OS4X can deal with:

X509v3 PEM encoded certificate

Suffixes known

  • .cer
  • .cert
  • .pem

Description

This format is an ASCII, textual representation of a BASE64 encoded certificate format. The content is readable in a text editor. The file has a header and footer line:

-----BEGIN CERTIFICATE-----
(some BASE64 encoded content)
-----END CERTIFICATE-----

Support in OS4X

This file format is the main format used in OS4X, used in several places:

  • TLS server and client certificate (PEM format is expected; according to every automatism generated on the fly)
  • trusted certificates (automatic conversion into this format is implemented for DER and PKCS#7)
  • partner certificates (used for en-/decryption and signature [verification] processes; automatic conversion into this format is implemented for DER and PKCS#7)

X509v3 DER encoded certificate

Suffixes known

  • .cer
  • .der

Description

This binary format for X509v3 certificates is an ASN.1 formatted binary file which cannot be read in a text editor. This format is used, for example, for automatic OFTP2 certificate exchange. We have an article available about converting from and to DER formatted certificates: OS4X Core - changing certificate format (PEM & DER).

Support in OS4X

  • trusted certificates (automatic conversion into PEM format is implemented)
  • partner certificates (used for en-/decryption and signature [verification] processes; automatic conversion into PEM format is implemented)

PKCS#7 PEM Formatted certificate archives

Suffixes known

  • .pkcs7
  • .pfx
  • .p7b

Description

This format is an ASCII, textual representation of a BASE64 encoded certificate archive format. The content is readable in a text editor. The file has a header and footer line:

-----BEGIN PKCS7-----
(some BASE64 encoded content)
-----END PKCS7-----


Support in OS4X

PKCS#7 certificate archives can be imported into the trusted certificates store. Each certificate included in the archive is extracted as a separate PEM formatted certificate.

PKCS#7 DER Formatted certificate archives

Suffixes known

Description

Support in OS4X

PKCS#12 certificate archives

Suffixes known

Description

Support in OS4X