openssl - x509

X.509 is a standard defining the format of public-key certificates. X.509 certificates are used in many Internet protocols, including TLS/SSL, which is the basis for HTTPS, the secure protocol for browsing the web. They are also used in offline applications, like electronic signatures.

 

An X.509 (also called digital) certificate contains a public key and an identity (a hostname, or an organization, or an individual), and is either signed by a certificate authority or self-signed.

 

When a certificate is signed by a trusted certificate authority, or validated by other means, someone holding that certificate can rely on the public key it contains to establish secure communications with another party, or validate documents digitally signed by the corresponding private key.

Certificate filename extensions generally map to two major encoding schemes for X.509 certificates and keys: PEM (Base64 ASCII) and DER (binary).

 

Two formats:

 

PEM

PEM (originally “Privacy Enhanced Mail”) is the most common format for X.509 certificates, CSRs, and cryptographic keys. A PEM file is a text file containing one or more items in Base64 ASCII encoding, each with plain-text headers and footers (e.g. -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----). A single PEM file could contain an end-entity certificate, a private key, or multiple certificates forming a complete chain of trust. Most certificate files downloaded from SSL.com will be in PEM format.

PEM Filename Extensions

PEM files are usually seen with the extensions .crt, .pem, .cer, and .key (for private keys), but you may also see them with different extensions.

 

In the OpenSSL commands below, replace the filenames in ALL CAPS with the actual paths and filenames you are working with.

View contents of PEM certificate file

openssl x509 -in CERTIFICATE.pem -text -noout 

Convert PEM certificate to DER

openssl x509 -outform der -in CERTIFICATE.pem -out CERTIFICATE.der

DER

DER (Distinguished Encoding Rules) is a binary encoding for X.509 certificates and private keys. Unlike PEM, DER-encoded files do not contain plain text statements such as -----BEGIN CERTIFICATE-----. DER files are most commonly seen in Java contexts.

DER Filename Extensions

DER-encoded files are usually found with the extensions .der and .cer.

 

In the OpenSSL commands below, replace the filenames in ALL CAPS with the actual paths and filenames you are working with.

View contents of DER-encoded certificate file

openssl x509 -inform der -in CERTIFICATE.der -text -noout

Convert DER-encoded certificate to PEM

openssl x509 -inform der -in CERTIFICATE.der -out CERTIFICATE.pem
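
Because .cer appears in both extension lists above, the extension alone does not tell you which encoding a file uses. The Python code below is an added example, not part of the original post or the SSL.com guide: it classifies content as PEM or DER, lists every item in a PEM file (which shows when a private key is bundled with certificates), and converts between the two encodings. All function names are this example's own, and the sample bytes are constructed stand-ins, not real certificates.

```python
import base64
import hashlib
import re

# One PEM item: BEGIN header, Base64 body, END footer with the same label.
PEM_ITEM = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)

def is_der_sequence(data: bytes) -> bool:
    """True if data is exactly one DER SEQUENCE (tag 0x30 plus a consistent length)."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    first = data[1]
    if first < 0x80:                       # short form: the byte is the length
        header, length = 2, first
    else:                                  # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or len(data) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(data[2:2 + n], "big")
    return header + length == len(data)

def detect_encoding(data: bytes) -> str:
    """Classify content as 'PEM', 'DER' or 'unknown' without trusting the extension."""
    if PEM_ITEM.search(data.decode("ascii", errors="ignore")):
        return "PEM"
    return "DER" if is_der_sequence(data) else "unknown"

def pem_items(text: str) -> list:
    """Return (label, der_bytes) for every item in a PEM file, in file order."""
    return [(label, base64.b64decode("".join(body.split())))
            for label, body in PEM_ITEM.findall(text)]

def der_to_pem(der: bytes, label: str = "CERTIFICATE") -> str:
    """Wrap DER bytes as a PEM item: Base64 in 64-character lines between header and footer."""
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER bytes; identical whichever encoding the file used."""
    return hashlib.sha256(der).hexdigest()

# Constructed sample data: small DER SEQUENCEs standing in for a certificate and a
# private key. They are not real X.509 objects; nothing here parses certificate fields.
SAMPLE_DER = bytes([0x30, 0x0B, 0x02, 0x01, 0x01, 0x04, 0x06]) + b"sample"
SAMPLE_KEY = bytes([0x30, 0x03, 0x02, 0x01, 0x00])
SAMPLE_BUNDLE = der_to_pem(SAMPLE_DER) + der_to_pem(SAMPLE_KEY, "PRIVATE KEY")

if __name__ == "__main__":
    for label, der in pem_items(SAMPLE_BUNDLE):
        flag = "  <-- private key material in this file" if "PRIVATE KEY" in label else ""
        print(f"{label}: {len(der)} bytes, sha256={fingerprint(der)[:16]}{flag}")
```

To check a real file, read it in binary mode and pass the bytes to detect_encoding before choosing between the -inform der and default PEM forms of the openssl commands above.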






https://www.ssl.com/guide/pem-der-crt-and-cer-x-509-encodings-and-conversions/

posted @ 2021-10-25 12:00  xman888