Solved

openssl x509 conversion from DER to PEM is failing on Apache server

Posted on 2010-09-03
12
465 Views
Last Modified: 2012-06-21
Hi Experts,

I have a certificate installed on a server and had been facing problems with it. Now I found a note by the previous developer saying certificates need to be converted from DER format to PEM format using the openssl x509 command.

I navigated to the location of the certificate and ran the command as he wrote it and got these errors (attached image). Appreciate your help
certificatesError.jpg
0
Comment
Question by:Samooramad
  • 7
  • 4
12 Comments
 
LVL 9

Expert Comment

by:fcontrepois
ID: 33602464
http://rt.openssl.org/Ticket/Display.html?id=2007&user=guest&pass=guest

the answer is:
"The certificate is not in the correct format for OpenSSL. If you look at
it is is base64 encoded all on one line. You can convert to DER with:

openssl base64 -d -A -in 1.cer -out 1.der"

bye
0
 

Author Comment

by:Samooramad
ID: 33603526
Sorry not sure I get your point, could you please elaborate
0
 

Author Comment

by:Samooramad
ID: 33603963
I want to convert to PEM not to DER. Is there any way to convert directly to PEM format?
0
 
LVL 43

Expert Comment

by:ravenpl
ID: 33606285
I just have reproduced Your error. It shown when I supplies the "-in something.crt" already in PEM format(or at least not DER).
So I suppose Your sagia.crt is already PEM or at least not DER.
How does the file look inside? DER is binary format, PEM base64 encoded?
PEM starts with "-----BEGIN CERTIFICATE-----" line...
BTW: don't attach the certificate file here, unless You 200% sure the private key is in separate file(private key may be bundled into certificate file).
0
 

Author Comment

by:Samooramad
ID: 33614307
When I open the file I see it in Windows console with the information on it... so how do I view the text you mentioned? Or did you mean the certificate request file?
0
 
LVL 43

Expert Comment

by:ravenpl
ID: 33615136
> Or did you mean the certificate request file?
No.

> When I open the file I see it in Windows console with the information on it... so how do I view the text you mentioned?
Windows? Notepad maybe?
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 

Author Comment

by:Samooramad
ID: 33616594
opened it and it has "-----BEGIN CERTIFICATE-----"  and also "-----ENDCERTIFICATE-----"

tags in the file, does this mean it is PEM format?
0
 
LVL 43

Expert Comment

by:ravenpl
ID: 33617206
Yes, then it's already PEM format.
0
 

Author Comment

by:Samooramad
ID: 33622620
couldn't be any other format?
0
 
LVL 43

Accepted Solution

by:
ravenpl earned 350 total points
ID: 33624538
If if enclosed between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" then it is PEM format.
If there's also private key bounded, it can be encrypted with password. If it is, then You should also find lines similar to
    -----BEGIN RSA PRIVATE KEY-----
    Proc-Type: 4,ENCRYPTED
    DEK-Info: DES-EDE3-CBC,C814158661DC1449
    AFAZFbnQNrGjZJ/ZemdVSoZa3HWujxZuvBHzHNoesxeyqqidFvnydA==
    -----END RSA PRIVATE KEY-----

Also, to verify it's PEM try converting to DER :)
openssl x509 -in sagia.crt -outform der -out sagia.crt.der
0
 

Author Comment

by:Samooramad
ID: 33659215
sorry for the delay replying.. I was traveling and just saw this. Let me check again and will post soon. Thanks!
0
 

Author Comment

by:Samooramad
ID: 33701406
yeah the key I created begins with
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,E1493D1996EE5923


and ends with
-----END RSA PRIVATE KEY-----
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Author Note: Since this E-E article was originally written, years ago, formal testing has come into common use in the world of PHP.  PHPUnit (http://en.wikipedia.org/wiki/PHPUnit) and similar technologies have enjoyed wide adoption, making it possib…
Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this.Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it is …
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to dynamically set the form action using jQuery.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now