Solved

openssl x509 conversion from DER to PEM is failing on Apache server

Posted on 2010-09-03
12
478 Views
Last Modified: 2012-06-21
Hi Experts,

I have a certificate installed on a server and had been facing problems with it. Now I found a note by the previous developer saying certificates need to be converted from DER format to PEM format using the openssl x509 command.

I navigated to the location of the certificate and ran the command as he wrote it and got these errors (attached image). Appreciate your help
certificatesError.jpg
0
Comment
Question by:Samooramad
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 4
12 Comments
 
LVL 9

Expert Comment

by:fcontrepois
ID: 33602464
http://rt.openssl.org/Ticket/Display.html?id=2007&user=guest&pass=guest

the answer is:
"The certificate is not in the correct format for OpenSSL. If you look at
it is is base64 encoded all on one line. You can convert to DER with:

openssl base64 -d -A -in 1.cer -out 1.der"

bye
0
 

Author Comment

by:Samooramad
ID: 33603526
Sorry not sure I get your point, could you please elaborate
0
 

Author Comment

by:Samooramad
ID: 33603963
I want to convert to PEM not to DER. Is there any way to convert directly to PEM format?
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 
LVL 43

Expert Comment

by:ravenpl
ID: 33606285
I just have reproduced Your error. It shown when I supplies the "-in something.crt" already in PEM format(or at least not DER).
So I suppose Your sagia.crt is already PEM or at least not DER.
How does the file look inside? DER is binary format, PEM base64 encoded?
PEM starts with "-----BEGIN CERTIFICATE-----" line...
BTW: don't attach the certificate file here, unless You 200% sure the private key is in separate file(private key may be bundled into certificate file).
0
 

Author Comment

by:Samooramad
ID: 33614307
When I open the file I see it in Windows console with the information on it... so how do I view the text you mentioned? Or did you mean the certificate request file?
0
 
LVL 43

Expert Comment

by:ravenpl
ID: 33615136
> Or did you mean the certificate request file?
No.

> When I open the file I see it in Windows console with the information on it... so how do I view the text you mentioned?
Windows? Notepad maybe?
0
 

Author Comment

by:Samooramad
ID: 33616594
opened it and it has "-----BEGIN CERTIFICATE-----"  and also "-----ENDCERTIFICATE-----"

tags in the file, does this mean it is PEM format?
0
 
LVL 43

Expert Comment

by:ravenpl
ID: 33617206
Yes, then it's already PEM format.
0
 

Author Comment

by:Samooramad
ID: 33622620
couldn't be any other format?
0
 
LVL 43

Accepted Solution

by:
ravenpl earned 350 total points
ID: 33624538
If if enclosed between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" then it is PEM format.
If there's also private key bounded, it can be encrypted with password. If it is, then You should also find lines similar to
    -----BEGIN RSA PRIVATE KEY-----
    Proc-Type: 4,ENCRYPTED
    DEK-Info: DES-EDE3-CBC,C814158661DC1449
    AFAZFbnQNrGjZJ/ZemdVSoZa3HWujxZuvBHzHNoesxeyqqidFvnydA==
    -----END RSA PRIVATE KEY-----

Also, to verify it's PEM try converting to DER :)
openssl x509 -in sagia.crt -outform der -out sagia.crt.der
0
 

Author Comment

by:Samooramad
ID: 33659215
sorry for the delay replying.. I was traveling and just saw this. Let me check again and will post soon. Thanks!
0
 

Author Comment

by:Samooramad
ID: 33701406
yeah the key I created begins with
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,E1493D1996EE5923


and ends with
-----END RSA PRIVATE KEY-----
0

Featured Post

Optimum High-Definition Video Viewing and Control

The ATEN VM0404HA 4x4 4K HDMI Matrix Switch supports 4K resolutions of UHD (3840 x 2160) and DCI (4096 x 2160) with refresh rates of 30 Hz (4:4:4) and 60 Hz (4:2:0). It is ideal for applications where the routing of 4K digital signals is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article discusses how to create an extensible mechanism for linked drop downs.
3 proven steps to speed up Magento powered sites. The article focus is on optimizing time to first byte (TTFB), full page caching and configuring server for optimal performance.
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question