Misc Certificate Notes

From Direct Project
Jump to navigation Jump to search

Converting .DER cert and key files to .PFX


  1. Convert DER key file to PEM
    • openssl rsa -in MYKEY.DER -inform DER -out MYKEY.PEM -outform PEM
  2. Convert DER cert file to PEM
    • openssl x509 -in MYCERT.DER -inform DER -out MYCERT.PEM
  3. Combine PEM files into one combined file
    • cat MYKEY.PEM MYCERT.PEM > MYCOMBINED.PEM
  4. Convert combined PEM file to PFX
    • openssl pkcs12 –export –in MYCOMBINED.PEM –out MYCOMBINED.PFX –nodes


Bash script to output certificate details for a .DER cert


Note: This script works on Ubuntu Linux but not on OSX.

#!/bin/sh
 export TEMPPEM=`tempfile --prefix=cert. --suffix=.pem`
 openssl x509 -in $1 -inform DER -out ${TEMPPEM} -outform PEM
 openssl x509 -in ${TEMPPEM} -noout -text
 rm -f ${TEMPPEM}


Generating a CRL

# create necessary files
 mkdir demoCA
 touch demoCA/index.txt
 echo 01 > demoCA/crlnumber
 echo "unique_subject = no" > demoCA/index.txt.attr
 
 # create empty CRL
 openssl ca -gencrl -keyfile ca_key.pem -cert ca_cert.pem -out crl.pem
 
 # revoke certificate
 openssl ca -revoke revoked_cert.pem -cert ca_cert.pem -keyfile ca_key.pem
 
 # regenerate CRL
 openssl ca -gencrl -keyfile ca_key.pem -cert ca_cert.pem -out crl.pem