You were right, converting the strings from hex to binary and treating it
in DER form works great.
The first line isn't the fingerprint though, but the serial number.
Thanks for the help :)
> > I'm configuring a few cisco routers to do IKE for our VPN's. Works great
> > with pre-shared keys, but for scalability purposes I'd like to use
> > certificates, which requires the use of a CA. But the ciscos store keys
> > and certificates in a format I'm not familiar with and was wondering if
> > anyone had any idea. Here's an example certificate grabbed from
> >
> [example]
>
> The bit starting "3082" Looks like just the hex dump of something: maybe
> just the certificate. Try converting to a binary file and running:
>
> openssl x509 -inform DER -in cert.der
>
> on it.
>
> The figure at the start may be a fingerprint, try:
>
> openssl x509 -inform DER -in cert.der -fingerprint -noout
>
> and see if it agrees.
>
> If both operations work then just reverse the process.
>
> Steve.
> --
> Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
> Personal Email: [EMAIL PROTECTED]
> Senior crypto engineer, Celo Communications: http://www.celocom.com/
> Core developer of the OpenSSL project: http://www.openssl.org/
> Business Email: [EMAIL PROTECTED] PGP key: via homepage.
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
