Solved

openssl x509 conversion from DER to PEM is failing on Apache server

Posted on 2010-09-03
12
476 Views
Last Modified: 2012-06-21
Hi Experts,

I have a certificate installed on a server and had been facing problems with it. Now I found a note by the previous developer saying certificates need to be converted from DER format to PEM format using the openssl x509 command.

I navigated to the location of the certificate and ran the command as he wrote it and got these errors (attached image). Appreciate your help
certificatesError.jpg
0
Comment
Question by:Samooramad
  • 7
  • 4
12 Comments
 
LVL 9

Expert Comment

by:fcontrepois
ID: 33602464
http://rt.openssl.org/Ticket/Display.html?id=2007&user=guest&pass=guest

the answer is:
"The certificate is not in the correct format for OpenSSL. If you look at
it is is base64 encoded all on one line. You can convert to DER with:

openssl base64 -d -A -in 1.cer -out 1.der"

bye
0
 

Author Comment

by:Samooramad
ID: 33603526
Sorry not sure I get your point, could you please elaborate
0
 

Author Comment

by:Samooramad
ID: 33603963
I want to convert to PEM not to DER. Is there any way to convert directly to PEM format?
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 
LVL 43

Expert Comment

by:ravenpl
ID: 33606285
I just have reproduced Your error. It shown when I supplies the "-in something.crt" already in PEM format(or at least not DER).
So I suppose Your sagia.crt is already PEM or at least not DER.
How does the file look inside? DER is binary format, PEM base64 encoded?
PEM starts with "-----BEGIN CERTIFICATE-----" line...
BTW: don't attach the certificate file here, unless You 200% sure the private key is in separate file(private key may be bundled into certificate file).
0
 

Author Comment

by:Samooramad
ID: 33614307
When I open the file I see it in Windows console with the information on it... so how do I view the text you mentioned? Or did you mean the certificate request file?
0
 
LVL 43

Expert Comment

by:ravenpl
ID: 33615136
> Or did you mean the certificate request file?
No.

> When I open the file I see it in Windows console with the information on it... so how do I view the text you mentioned?
Windows? Notepad maybe?
0
 

Author Comment

by:Samooramad
ID: 33616594
opened it and it has "-----BEGIN CERTIFICATE-----"  and also "-----ENDCERTIFICATE-----"

tags in the file, does this mean it is PEM format?
0
 
LVL 43

Expert Comment

by:ravenpl
ID: 33617206
Yes, then it's already PEM format.
0
 

Author Comment

by:Samooramad
ID: 33622620
couldn't be any other format?
0
 
LVL 43

Accepted Solution

by:
ravenpl earned 350 total points
ID: 33624538
If if enclosed between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" then it is PEM format.
If there's also private key bounded, it can be encrypted with password. If it is, then You should also find lines similar to
    -----BEGIN RSA PRIVATE KEY-----
    Proc-Type: 4,ENCRYPTED
    DEK-Info: DES-EDE3-CBC,C814158661DC1449
    AFAZFbnQNrGjZJ/ZemdVSoZa3HWujxZuvBHzHNoesxeyqqidFvnydA==
    -----END RSA PRIVATE KEY-----

Also, to verify it's PEM try converting to DER :)
openssl x509 -in sagia.crt -outform der -out sagia.crt.der
0
 

Author Comment

by:Samooramad
ID: 33659215
sorry for the delay replying.. I was traveling and just saw this. Let me check again and will post soon. Thanks!
0
 

Author Comment

by:Samooramad
ID: 33701406
yeah the key I created begins with
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,E1493D1996EE5923


and ends with
-----END RSA PRIVATE KEY-----
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Redirect to catagorie in case of 404 4 23
AWS EC2 HTTP & HTTPS 2 44
Custom Wordpress Loop 22 38
Log in through ID 5 17
#SSL #TLS #Citrix #HTTPS #PKI #Compliance #Certificate #Encryption #StoreFront #Web Interface #Citrix XenApp
These days socially coordinated efforts have turned into a critical requirement for enterprises.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question