Information Technology Grimoire

Version .0.0.1

IT Notes from various projects because I forget, and hopefully they help you too.

x509 Conversions

Converting Cert Types

CA issue certs in many x509 formats, though PEM is the most common. Your client might need a different format though. All x509 have 3 parts:

  1. Public Key/Private Key Pair
  2. Digital Signature
  3. Information about the issuing party

PEM to DER:

openssl x509 -outform der -in certificate.pem -out certificate.der

PEM to P7B:

openssl crl2pkcs7 -nocrl -certfile certificate.cer -out certificate.p7b -certfile CACert.cer

PEM to PFX:

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt

DER to PEM (DER is binary form):

openssl x509 -inform der -in certificate.cer -out certificate.pem

P7B to PEM:

openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer

P7B to PFX (Base 64):

openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer
openssl pkcs12 -export -in certificate.cer -inkey privateKey.key -out certificate.pfx -certfile CACert.cer

PFX to PEM (binary single storage in p12, windows):

openssl pkcs12 -in certificate.pfx -out certificate.cer -nodes