@lovemyliwu
Last active August 29, 2015 14:25
openssl command
pfx file:
https://www.openssl.org/docs/apps/pkcs12.html
to a pem file
openssl pkcs12 -in citic_root.pfx -out citic_root.pem -nodes
cer file:
https://www.openssl.org/docs/apps/x509.html
to rsa pub
openssl x509 -in citic_test_server.cer -pubkey -noout
pem file:
https://www.openssl.org/docs/apps/rsa.html
to rsa pub or pri
openssl rsa -in private_key_name.pem -out new_private.pem -pubout
get server cer:
openssl s_client -connect 202.108.57.21:443 -showcerts
@lovemyliwu
Author

PFX files are PKCS#12 Personal Information Exchange Syntax Standard files. They can include an arbitrary number of private keys with accompanying X.509 certificates (public keys) and a Certificate Authority Chain.

If you want to extract client certificates (not the CA certificates), you can use OpenSSL's PKCS12 tool.

openssl pkcs12 -in xxxx.pfx -out mycertificates.crt -nokeys -clcerts
The command above will output the certificate(s) in PEM format. The ".crt" extension is known to both Mac OS X and Windows operating systems and will be usable. You mention the ".cer" extension in your question, which is the DER format equivalent. Same certificate but different encoding. Try the ".crt" file first and if it doesn't help, it's easy to convert from PEM to DER format.

openssl x509 -inform pem -in mycertificates.crt -outform der -out mycertificates.cer

@lovemyliwu
Author

so
*.crt == *.pem
*.cer == *.der
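
The conversions from the notes and comments above, run end to end on a throwaway certificate. This is an added example, not part of the original gist; the key, certificate, password and the helper names `fp` and `pfx_roundtrip` are constructed for illustration. It checks that `-nokeys` leaves no key material in the `.crt`, that the PEM and DER files hold the same certificate, and that the certificate's public key matches the private key.

```shell
#!/bin/sh
# Added example: all key material and the password below are constructed test data.
set -eu

fp() {  # SHA-256 fingerprint of a certificate; $1 = pem|der, $2 = file
    openssl x509 -inform "$1" -in "$2" -noout -fingerprint -sha256
}

pfx_roundtrip() {
    d=$(mktemp -d)
    pw='constructed-demo-password'
    # Throwaway self-signed certificate with an unencrypted key (test use only).
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=example.test' \
        -keyout "$d/key.pem" -out "$d/cert.pem" 2>/dev/null
    # Bundle key and certificate into a password-protected PKCS#12 file.
    openssl pkcs12 -export -inkey "$d/key.pem" -in "$d/cert.pem" \
        -out "$d/bundle.pfx" -passout "pass:$pw"
    # Extract the certificate only (-nokeys -clcerts); the output is PEM.
    openssl pkcs12 -in "$d/bundle.pfx" -nokeys -clcerts \
        -out "$d/mycertificates.crt" -passin "pass:$pw" 2>/dev/null
    # Re-encode the same certificate as DER.
    openssl x509 -inform pem -in "$d/mycertificates.crt" \
        -outform der -out "$d/mycertificates.cer"
    result=ok
    # Check 1: the certificate file must not contain private key material.
    if grep -q 'PRIVATE KEY' "$d/mycertificates.crt"; then result=key-leaked; fi
    # Check 2: the original PEM and the DER file are the same certificate.
    [ "$(fp pem "$d/cert.pem")" = "$(fp der "$d/mycertificates.cer")" ] \
        || result=fingerprint-mismatch
    # Check 3: the certificate's public key is the public half of the private key.
    [ "$(openssl x509 -in "$d/mycertificates.crt" -pubkey -noout)" = \
      "$(openssl rsa -in "$d/key.pem" -pubout 2>/dev/null)" ] || result=key-mismatch
    rm -rf "$d"   # remove the unencrypted test key
    echo "$result"
}

pfx_roundtrip   # prints "ok" when all three checks pass
```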
