On Mon, Dec 16, 2013 at 04:03:30PM +0100, lists wrote:
> >I have a .pem file. Is there a way to get it converted into .crt
> >and .key files using openssl tool.
>
> ".pem" doesn't say much.
> If it is a file containing both the key and the certificate and it
> is in PEM format (as the name suggests), it is a sort of text.
> You can simply edit it and split it in two files, one containing the part
Using a text editor is not the best approach. To extract the key
in PKCS8 form:
$ (umask 077; openssl pkey -in mumble.pem -out mumble-key.pem)
If the OpenSSL version is older than 1.0.0, to extract the key as an
RSA key.
$ (umask 077; openssl rsa -in mumble.pem -out mumble-key.pem)
To password-protect the key add a "-aes128" option or similar. To
encode it in DER format rather than PEM, add a "-outform DER" option,
for example:
$ (
umask 077
openssl pkey -in mumble.pem -aes128 -outform DER -out mumble-key.der
)
To extract the certificate chain:
$ openssl crl2pkcs7 -nocrl -certfile mumble.pem |
openssl pkcs7 -print_certs -out mumble-chain.pem
To extract the chain in PKCS7 DER form:
$ openssl crl2pkcs7 -nocrl -certfile mumble.pem |
openssl pkcs7 -outform DER -out mumble-chain.spc
To extract just the leaf server certificate in DER form:
$ openssl x509 -in mumble.pem -outform DER -out mumble-cert.crt
One can also create a password-protected DER PKCS12 file with the key
and certificate in one:
$ (
umask 077
openssl pkcs12 -export -in mumble.pem \
-passout "pass:umask 077" -out mumble.p12
)
The above example relies on file access protection with a deliberately
weak password useful for non-interactive operation.
So there are sadly a lot of possibilities, depending on what's actually
available and required.
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]
