Last active
August 29, 2015 14:25
-
-
Save lovemyliwu/2e6b85e4d4cfb3653427 to your computer and use it in GitHub Desktop.
openssl command
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
pfx file: | |
https://www.openssl.org/docs/apps/pkcs12.html | |
to a pem file | |
openssl pkcs12 -in citic_root.pfx -out citic_root.pem -nodes | |
cer file: | |
https://www.openssl.org/docs/apps/x509.html | |
to rsa pub | |
openssl x509 -in citic_test_server.cer -pubkey -noout | |
pem file: | |
https://www.openssl.org/docs/apps/rsa.html | |
to rsa pub or pri | |
openssl rsa -in private_key_name.pem -out new_private.pem -pubout | |
get server cer: | |
openssl s_client -connect 202.108.57.21:443 -showcerts |
so
*.crt == *.pem
*.cer == *.der
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
PFX files are PKCS#12 Personal Information Exchange Syntax Standard files. They can include arbitrary number of private keys with accompanying X.509 certificates (public keys) and a Certificate Authority Chain.
If you want to extract client certificates (not the CA certificates), you can use OpenSSL's PKCS12 tool.
openssl pkcs12 -in xxxx.pfx -out mycertificates.crt -nokeys -clcerts
The command above will output the certificate(s) in PEM format. The ".crt" extension known to both Mac OS X and Windows operating systems and will be usable. You mention ".cer" extension your question which is the DER format equivalent. Same certificate but different encoding. Try the ".crt" file first and if it doesn't help, it's easy to convert from PEM to DER format.
openssl x509 -inform pem -in mycertificates.crt -outform der -out mycertificates.cer