Solved

openssl x509 conversion from DER to PEM is failing on Apache server

Posted on 2010-09-03
12
477 Views
Last Modified: 2012-06-21
Hi Experts,

I have a certificate installed on a server and had been facing problems with it. Now I found a note by the previous developer saying certificates need to be converted from DER format to PEM format using the openssl x509 command.

I navigated to the location of the certificate and ran the command as he wrote it and got these errors (attached image). Appreciate your help
certificatesError.jpg
0
Comment
Question by:Samooramad
  • 7
  • 4
12 Comments
 
LVL 9

Expert Comment

by:fcontrepois
ID: 33602464
http://rt.openssl.org/Ticket/Display.html?id=2007&user=guest&pass=guest

the answer is:
"The certificate is not in the correct format for OpenSSL. If you look at
it is is base64 encoded all on one line. You can convert to DER with:

openssl base64 -d -A -in 1.cer -out 1.der"

bye
0
 

Author Comment

by:Samooramad
ID: 33603526
Sorry not sure I get your point, could you please elaborate
0
 

Author Comment

by:Samooramad
ID: 33603963
I want to convert to PEM not to DER. Is there any way to convert directly to PEM format?
0
Instantly Create Instructional Tutorials

Contextual Guidance at the moment of need helps your employees adopt to new software or processes instantly. Boost knowledge retention and employee engagement step-by-step with one easy solution.

 
LVL 43

Expert Comment

by:ravenpl
ID: 33606285
I just have reproduced Your error. It shown when I supplies the "-in something.crt" already in PEM format(or at least not DER).
So I suppose Your sagia.crt is already PEM or at least not DER.
How does the file look inside? DER is binary format, PEM base64 encoded?
PEM starts with "-----BEGIN CERTIFICATE-----" line...
BTW: don't attach the certificate file here, unless You 200% sure the private key is in separate file(private key may be bundled into certificate file).
0
 

Author Comment

by:Samooramad
ID: 33614307
When I open the file I see it in Windows console with the information on it... so how do I view the text you mentioned? Or did you mean the certificate request file?
0
 
LVL 43

Expert Comment

by:ravenpl
ID: 33615136
> Or did you mean the certificate request file?
No.

> When I open the file I see it in Windows console with the information on it... so how do I view the text you mentioned?
Windows? Notepad maybe?
0
 

Author Comment

by:Samooramad
ID: 33616594
opened it and it has "-----BEGIN CERTIFICATE-----"  and also "-----ENDCERTIFICATE-----"

tags in the file, does this mean it is PEM format?
0
 
LVL 43

Expert Comment

by:ravenpl
ID: 33617206
Yes, then it's already PEM format.
0
 

Author Comment

by:Samooramad
ID: 33622620
couldn't be any other format?
0
 
LVL 43

Accepted Solution

by:
ravenpl earned 350 total points
ID: 33624538
If if enclosed between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" then it is PEM format.
If there's also private key bounded, it can be encrypted with password. If it is, then You should also find lines similar to
    -----BEGIN RSA PRIVATE KEY-----
    Proc-Type: 4,ENCRYPTED
    DEK-Info: DES-EDE3-CBC,C814158661DC1449
    AFAZFbnQNrGjZJ/ZemdVSoZa3HWujxZuvBHzHNoesxeyqqidFvnydA==
    -----END RSA PRIVATE KEY-----

Also, to verify it's PEM try converting to DER :)
openssl x509 -in sagia.crt -outform der -out sagia.crt.der
0
 

Author Comment

by:Samooramad
ID: 33659215
sorry for the delay replying.. I was traveling and just saw this. Let me check again and will post soon. Thanks!
0
 

Author Comment

by:Samooramad
ID: 33701406
yeah the key I created begins with
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,E1493D1996EE5923


and ends with
-----END RSA PRIVATE KEY-----
0

Featured Post

Creating Instructional Tutorials  

For Any Use & On Any Platform

Contextual Guidance at the moment of need helps your employees/users adopt software o& achieve even the most complex tasks instantly. Boost knowledge retention, software adoption & employee engagement with easy solution.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
MySQL limit and not so limited 13 41
Length of for loop to be dynamic 2 33
Certificate Request CentOS/Apache 1 23
How do i use the await event in php echo 5 19
Microservice architecture adoption brings many advantages, but can add intricacy. Selecting the right orchestration tool is most important for business specific needs.
3 proven steps to speed up Magento powered sites. The article focus is on optimizing time to first byte (TTFB), full page caching and configuring server for optimal performance.
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question