Converting .DER cert and key files to .PFX


  1. Convert DER key file to PEM
    • openssl rsa -in MYKEY.DER -inform DER -out MYKEY.PEM -outform PEM
  2. Convert DER cert file to PEM
    • openssl x509 -in MYCERT.DER -inform DER -out MYCERT.PEM
  3. Combine PEM files into one combined file
    • cat MYKEY.PEM MYCERT.PEM > MYCOMBINED.PEM
  4. Convert combined PEM file to PFX
    • openssl pkcs12 –export –in MYCOMBINED.PEM –out MYCOMBINED.PFX –nodes

Bash script to output certificate details for a .DER cert


Note: This script works on Ubuntu Linux but not on OSX.
#!/bin/sh
export TEMPPEM=`tempfile --prefix=cert. --suffix=.pem`
openssl x509 -in $1 -inform DER -out ${TEMPPEM} -outform PEM
openssl x509 -in ${TEMPPEM} -noout -text
rm -f ${TEMPPEM}

Generating a CRL

# create necessary files
mkdir demoCA
touch demoCA/index.txt
echo 01 > demoCA/crlnumber
echo "unique_subject = no" > demoCA/index.txt.attr
 
# create empty CRL
openssl ca -gencrl -keyfile ca_key.pem -cert ca_cert.pem -out crl.pem
 
# revoke certificate
openssl ca -revoke revoked_cert.pem -cert ca_cert.pem -keyfile ca_key.pem
 
# regenerate CRL
openssl ca -gencrl -keyfile ca_key.pem -cert ca_cert.pem -out crl.pem