Getting Server's SSL/TLS Certificate Chain
openssl s_client -connect some_hostname:443 -showcerts
X.509 certificates are dumped as base64-encoded strings between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- headers. They should be (together with the headers) stored in files with .pem suffix.We can look at the certificate information then:
openssl x509 -in cert.pem -inform PEM -noout -text
Conversion of Key and Certificate Formats
Keys
- PKCS1 – PEM to DER openssl rsa -in key.pem -out key.der -inform pem -outform der
The key format is reflected in the header (of the key.pem):
- PKCS#1 - BEGIN RSA PRIVATE KEY, BEGIN RSA PUBLIC KEY
- PKCS#8 - BEGIN PRIVATE KEY, BEGIN ENCRYPTED PRIVATE KEY
Certificates
- PEM to P12
openssl pkcs12 -export -out cert.p12 -in cert.pem -inkey key.pem - PEM to DER openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER
No comments:
Post a Comment