Last active
August 29, 2015 14:03
-
-
Save jcasadella/7a27b9e56a6fd7ba9ab6 to your computer and use it in GitHub Desktop.
Certificates X.509
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## PEM Format | |
| # Base64 encoded ASCII files and contain "-----BEGIN CERTIFICATE-----" | |
| # and "-----END CERTIFICATE-----" statements. | |
| ## DER Format | |
| # Binary from a certificate | |
| ## Convert from hex to binary | |
| # xxd Concerts from binary to hex. | |
| # Option "-r" reverts the conversion (from hex to binary) | |
| # Option "-p" outputs in postscript style | |
| cat certificate.crt | xxd -r -p > certificate.der | |
| ## Convert PEM to DER | |
| openssl x509 -outform der -in certificate.pem -out certificate.der | |
| ## Convert DER to PEM | |
| openssl x509 -inform der -in certificate.cer -out certificate.pem | |
| ## Show certificate information in text form | |
| # -in file input file | |
| # -inform arg input format SMIME (default), PEM or DER | |
| # -text include or delete text MIME headers | |
| # -noout don't print key out | |
| openssl x509 -in certificate.der -inform der -text -noout | |
| ## Send OCSP Request | |
| # -text show all request and response data | |
| # -url URL of the OCSP server | |
| openssl ocsp -issuer chain.pem -cert wikipedia.pem -text -url http://ocsp.digicert.com | |
| ## Verify Certificate chain | |
| # Certificates must be in PEM format | |
| # -untrusted Used to add more than one untrusted certificate of the chain to verify | |
| openssl verify -CAfile ca_cert.pem -verbose issued_cert.pem |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment