2025-04-01 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
Certificate files differ in what they contain (whether they hold public/private keys, whether the storage is encrypted, whether there is a single certificate or several), in how they are encoded (DER/BASE64), and in which standard they follow (such as PEM/PKCS). So although the X.509 standard specifies the certificate content, certificate files still vary widely.
In practice, certificate format conversion is often required. For example, certificates in PEM format are required when configuring certificates on Linux-based servers such as VMware Operation Manager and Identity Manager, but many people only have certificates in CER format. Fortunately, openssl supports these different standards well and can be used to convert between certificate formats. This article uses the SSL certificate format conversion in an Identity Manager scenario as the example.
Certificate export
In this environment, the enterprise's internal certification authority (CA) issues the certificates, so the certificate obtained is in CER or PFX format, which Windows recognizes easily. First, we export the certificate.
The Identity Manager in this environment requires the private key, so choose to export the private key.
Note: generally speaking, certificates in pem format need to be exported and identified.
When exporting the private key is checked, only PFX can be selected as the file format.
Set password
Select the export path
Export complete
We also need to export the certificate of the enterprise's root certification authority.
For the root certificate, choose not to export the private key. Note: exporting the private key of a root certification authority is very dangerous.
For the certificate format, we choose "Base64 encoding".
Export complete
Now that we have a server certificate and a corresponding root certificate authority certificate, we can convert the certificate format through openssl.
Certificate format conversion
Before installing openssl, install the Microsoft Visual C++ 2008 Redistributable Package (x86) on your system. Download address:
https://www.microsoft.com/en-us/download/confirmation.aspx?id=29
Download the installer for OpenSSL x86 from Shining Light Productions. The installer packages the software developed by the OpenSSL Project. Run it when the download is complete; by default it installs to the root directory of drive C.
In cmd, change to the bin directory under the installation directory.
First, convert the PFX format to PEM format.
Use the following command to convert the certificate exported above to PEM format (without the private key):
openssl pkcs12 -in c:\idm.pfx -clcerts -nokeys -out c:\idm.pem
(The above command uses openssl to convert the idm.pfx certificate in PKCS#12 format to PEM format; -nokeys specifies that the private key is not exported. Adjust the certificate path to your own situation.)
Then convert the private key to PEM format as well; you are prompted for a password during the conversion:
openssl pkcs12 -in c:\idm.pfx -nocerts -out c:\idm.key.pem
(-nocerts outputs only the private key; the certificate is not converted.)
Finally, the private key in pem format is converted to rsa by command.
Open drive C to see that a certificate in PEM format and a private key in PEM format have been generated.
Finally, convert the root certificate to PEM format.
The conversion from CER format to PEM is as follows:
openssl.exe x509 -in c:\rootca.cer -out c:\rootca.pem
Of course, in addition to pfx and the conversion from Cer to pem, openssl also supports many other formats. The basic references are as follows:
PEM--DER/CER (conversion of BASE64--DER coding)
openssl x509 -outform der -in certificate.pem -out certificate.der
PEM--P7B (PEM--PKCS#7)
openssl crl2pkcs7 -nocrl -certfile certificate.cer -out certificate.p7b -certfile CACert.cer
PEM--PFX (PEM--PKCS#12)
openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt
PEM--p12 (PEM--PKCS#12)
openssl pkcs12 -export -out Cert.p12 -in Cert.pem -inkey key.pem
CER/DER--PEM (coded DER--BASE64)
openssl x509 -inform der -in certificate.cer -out certificate.pem
P7B--PEM (PKCS#7--PEM)
openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer
P7B--PFX (PKCS#7--PKCS#12)
openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer
openssl pkcs12 -export -in certificate.cer -inkey privateKey.key -out certificate.pfx -certfile CACert.cer
PFX/p12--PEM (PKCS#12--PEM)
openssl pkcs12 -in certificate.pfx -out certificate.cer
If you do not need to encrypt the private key in the PEM output, add the option -nodes (the key is then written unencrypted). If you do not need to export the private key, add the option -nokeys.
PEM BASE64--X.509 text format
openssl x509 -in Key.pem -text -out Cert.pem
Extract private key (.key) from PFX file
openssl pkcs12 -in mycert.pfx -nocerts -nodes -out mycert.key
PEM--SPC
openssl crl2pkcs7 -nocrl -certfile venus.pem -outform DER -out venus.spc
PEM--PVK (supported by openssl 1.x)
openssl rsa -in mycert.pem -outform PVK -pvk-strong -out mypvk.pvk
PEM--PVK (for versions prior to openssl 1.x, download the PVK converter and use the following command)
pvk -in ca.key -out ca.pvk -nocrypt -topvk
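The PEM and DER entries above differ only in encoding: PEM is the Base64 of the DER bytes between BEGIN/END lines. The following added example (not part of the original article) converts between the two and guesses which container a file holds, so you know whether a command needs -inform der, pkcs12 or pkcs7. The function names are this example's own, the sample bytes are constructed stubs, and the detection is a heuristic on the leading ASN.1 structure.

```python
import base64
import re

PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)
P7_SIGNED_DATA = bytes.fromhex("2a864886f70d010702")  # OID 1.2.840.113549.1.7.2
# Constructed stubs: only the leading ASN.1 structure, not real certificates.
SAMPLE_DER_CERT = bytes.fromhex("3006300402020001")
SAMPLE_PFX = bytes.fromhex("3003020103")
SAMPLE_P7B = bytes.fromhex("300b06092a864886f70d010702")

def pem_to_der(pem):
    """PEM is Base64 of the DER bytes plus BEGIN/END lines: return (label, der)."""
    m = PEM_RE.search(pem)
    if not m:
        raise ValueError("no PEM block found")
    return m.group(1).decode(), base64.b64decode(b"".join(m.group(2).split()))

def der_to_pem(der, label="CERTIFICATE"):
    """Wrap DER bytes in PEM armor, Base64 wrapped at 64 columns."""
    b64 = base64.b64encode(der)
    body = b"\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return b"-----BEGIN %b-----\n%b\n-----END %b-----\n" % (
        label.encode(), body, label.encode())

def read_tlv(buf, off=0):
    """Read one DER tag/length header: return (tag, value_start, value_end)."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    return tag, off, off + length

def sniff(data):
    """Guess the container from the first bytes of a certificate file."""
    if data.lstrip().startswith(b"-----BEGIN "):
        return "PEM " + pem_to_der(data)[0]  # e.g. openssl x509 -in FILE
    try:
        tag, start, _ = read_tlv(data)
        inner, vstart, vend = read_tlv(data, start)
    except IndexError:
        return "unknown"
    if tag != 0x30:  # every format here starts with an ASN.1 SEQUENCE
        return "unknown"
    if inner == 0x30:  # tbsCertificate first (a CSR or CRL looks the same)
        return "DER-X509"  # openssl x509 -inform der -in FILE
    if inner == 0x02:  # INTEGER version: 3 is a PFX, otherwise a bare key
        return "PKCS12" if data[vstart:vend] == b"\x03" else "DER-KEY"
    if inner == 0x06 and data[vstart:vend] == P7_SIGNED_DATA:
        return "PKCS7"  # openssl pkcs7 -inform der -print_certs -in FILE
    return "unknown"
```

Read the file in binary mode and pass its bytes to sniff() before choosing a conversion command; a .cer file can be either "PEM CERTIFICATE" or "DER-X509" depending on how it was exported.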