I am new to SSL and am trying to find some method or code which can convert a .pem file to .crt using Python3 and OpenSSL.
I have searched through the OpenSSL docs; there is a resource for shell script, but I wasn't able to find much for Python3.
I also tried with some shell script:
import os
cmd = 'openssl x509 -outform der -in cert.pem -out cert.pem.crt'
os.system(cmd)
but when I open the newly converted .crt file
I am getting some gibberish words
instead of the below words or encoding:
-----BEGIN CERTIFICATE-----
... (certificate in base64 PEM encoding) ...
-----END CERTIFICATE-----
If anyone can share some idea or code, it will be helpful. Thanks in advance.
I have a PKCS12 file containing a certificate chain and a private key.
I would like to use BouncyCastle to create a CRT file with that cert chain, the same way we can do using OpenSSL command-line tool:
openssl pkcs12 -in [yourfilename.pfx] -clcerts -nokeys -out [certificatename.crt]
I was already able to load the pkcs12 Keystore and obtain the certificates:
Certificate[] certs = pKeyStore.getCertificateChain(pAlias);
But I wasn't able to find a store builder for a CRT file that could accept the array of certificates above...
The class you are looking for is org.bouncycastle.openssl.jcajce.JcaPEMWriter in bcpkix. You can use its write method to encode all sorts of JCE interfaces (X509Certificate, X509CRL, PublicKey, PrivateKey, KeyPair) to a PEM file.
In your case:
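// JcaPEMWriter wraps a java.io.Writer, so adapt System.out first
final JcaPEMWriter pemWriter = new JcaPEMWriter(new OutputStreamWriter(System.out));
for (final Certificate cert : certs) {
    pemWriter.writeObject(cert); // one -----BEGIN CERTIFICATE----- block per entry
}
pemWriter.flush(); // the writer is buffered; flush (or close) to emit the output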
I got pvt-key.txt, certificate.crt and bundle.crt files from GoDaddy.
I am setting up SSL for a Node.js backend using https options
var httpsoptions = {
key: fs.readFileSync("pvt-key.txt"),
cert: fs.readFileSync("certificate.crt")
};
but it is not working.
Error: error:0906D06C:PEM routines:PEM_read_bio:no start line
I also converted .txt to .pem but there is the same error. If I generate the key with this command
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privateKey2.key -out certificate2.crt
then it works. I think there should be a .key extension instead of .pem or .txt. Please help me convert the file to the .key extension. Thank you in advance.
The extension of the file doesn't matter so much, but the contents of the file do. I suspect node wants a PEM encoded private key. You can convert a DER encoded private key to a PEM one like this:
openssl rsa -in pvt-key.txt -outform pem -out pvt-key.key
In order to accomplish this, #vcsjones provided the solution I was able to use.
openssl rsa -in pvt-key.txt -outform pem -out pvt-key.key
But, I got the same error as others:
Expecting: ANY PRIVATE KEY.
My fix was found in https://stackoverflow.com/a/54026652.
Open the key file in Notepad++ and verify the encoding. If it says UTF-8-BOM then change it to UTF-8. Save the file and try again.
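The two answers above come down to what the bytes of the file are, not what it is named. The following is an added example (not code from any of the posts) that classifies a file as PEM or DER, reports a UTF-8 BOM, and converts a certificate either way with Python 3's standard `ssl` module, which also covers the Python question at the top of the page. The function names and the 4-byte sample are constructed for illustration.

```python
import re
import ssl

UTF8_BOM = b"\xef\xbb\xbf"
PEM_BEGIN = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----")

def looks_like_der(data: bytes) -> bool:
    """True if data is one ASN.1 SEQUENCE whose length field covers the whole input."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    first = data[1]
    if first < 0x80:                        # short form: one length byte
        return 2 + first == len(data)
    n = first & 0x7F                        # long form: next n bytes hold the length
    if n == 0 or len(data) < 2 + n:
        return False
    return 2 + n + int.from_bytes(data[2:2 + n], "big") == len(data)

def classify(data: bytes) -> dict:
    """Describe a file by its bytes, ignoring whatever extension it carries."""
    bom = data.startswith(UTF8_BOM)
    body = data[len(UTF8_BOM):] if bom else data
    match = PEM_BEGIN.search(body)          # search, so leading "Bag Attributes" text is tolerated
    if match:
        return {"encoding": "PEM", "label": match.group(1).decode(), "bom": bom}
    encoding = "DER" if looks_like_der(body) else "unknown"
    return {"encoding": encoding, "label": None, "bom": bom}

def certificate_to_pem(data: bytes) -> str:
    """Return a certificate as BOM-free PEM text, whether it arrived as PEM or DER."""
    info = classify(data)
    body = data[len(UTF8_BOM):] if info["bom"] else data
    if info["encoding"] == "DER":
        return ssl.DER_cert_to_PEM_cert(body)
    if info["label"] == "CERTIFICATE":
        return body.decode("ascii").strip() + "\n"
    raise ValueError(f"not a certificate: {info}")

def certificate_to_der(data: bytes) -> bytes:
    """Return the binary DER form (the 'gibberish' seen when opened in an editor)."""
    return ssl.PEM_cert_to_DER_cert(certificate_to_pem(data))

# Constructed sample: a 4-byte DER SEQUENCE (30 02 05 00), not a real certificate.
SAMPLE_DER = bytes.fromhex("30020500")
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER).encode("ascii")
```

The `ssl` helpers only handle the `CERTIFICATE` label; a DER private key still needs `openssl rsa` or `openssl pkcs8` as shown in the posts.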
I have a .key file with a password and I need to get the .pem file with the RSA PKCS8 method using a NodeJS function.
The command I use to do it with OpenSSL is the following:
openssl pkcs8 -inform DER -in file.key -out file.pem -passin pass:passwordkey
How can I do this in NodeJS?
Let's say for example you have a key.pem file in a https folder and you want it as a parameter for your server options. You can get it via fs.readFileSync. Hope this helps.
const fs = require("fs");
const path = require("path");
// __dirname is the directory that contains the current module
server.httpsServerOptions = {
  key: fs.readFileSync(path.join(__dirname, "./../https/key.pem"))
};
Using a new utility, kyrtool, I've been trying to create a keyring and import the particular domain certificate into it.
Certificate has been issued by RapidSSL. It's an SHA2 certificate issued for "*.domain.tld".
First of all I've created a new keyring file:
kyrtool create -k C:\path\keyring.kyr -p password
Then I've converted my pfx certificate to pem in openssl:
openssl pkcs12 -in certificate.pfx -out certificate.pem
Then I've tried to import my PEM into the new keyring:
kyrtool import all -i certificate.pem -k C:\path\keyring.kyr -v
And an error occurred:
Using keyring path 'C:\path\keyring.kyr'
No private key found in the input file
ReadPEMPrivateKey returned error 0x0495
Invalid arguments
My PEM certificate contains both -----BEGIN RSA PRIVATE KEY----- and -----BEGIN CERTIFICATE----- blocks.
Any idea?
Thanks, JiKra
Ok, problem was with the wrong order in certificate chain in PEM file. There was a global CA (GeoTrust CA) certificate before the issuer certificate (RapidSSL 256 - G3).
We've resolved the problem by dividing the whole certificate into four separate PEM files and importing them in the proper order.
kyrtool import keys
kyrtool import certs
kyrtool import roots ...global
kyrtool import roots ...intermediate
JiKra
EDIT 1:
As we realized, the main problem could be with the intermediate certificate of RapidSSL 256 G3 where there were no paddings at the end. This certificate ends exactly with 7bit content:
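The fix described above was to divide one combined PEM file into separate pieces and import them in order. The following added example (not part of the original post, and not kyrtool's own logic) splits such a file into its blocks in file order, strictly validates each base64 body, and reports whether the body ends in `=` padding. The function names and sample bodies are constructed; ordering certificates by issuer would need an X.509 parser and is not attempted.

```python
import base64
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

def split_pem(text: str) -> list:
    """Return every PEM block in file order, skipping text between blocks."""
    blocks = []
    for m in PEM_BLOCK.finditer(text):
        # Drop header lines such as "Proc-Type:" / "DEK-Info:" (base64 has no ':').
        body = "".join(line.strip() for line in m.group(2).splitlines()
                       if ":" not in line)
        der = base64.b64decode(body, validate=True)   # raises on a damaged body
        blocks.append({
            "label": m.group(1),
            "pem": m.group(0) + "\n",                 # original block, unchanged
            "der_len": len(der),
            # No '=' is expected whenever der_len is a multiple of 3.
            "padded": body.endswith("="),
        })
    return blocks

def group_for_import(text: str) -> dict:
    """Separate private keys from certificates, keeping the file's own order."""
    out = {"keys": [], "certs": [], "other": []}
    for block in split_pem(text):
        if block["label"].endswith("PRIVATE KEY"):
            out["keys"].append(block)
        elif block["label"] == "CERTIFICATE":
            out["certs"].append(block)
        else:
            out["other"].append(block)
    return out

# Constructed sample in the layout `openssl pkcs12` writes; the bodies are
# 3- and 4-byte placeholders, not real keys or certificates.
SAMPLE = (
    "Bag Attributes\n    friendlyName: constructed\n"
    "-----BEGIN RSA PRIVATE KEY-----\nMAIFAA==\n-----END RSA PRIVATE KEY-----\n"
    "Bag Attributes\n"
    "-----BEGIN CERTIFICATE-----\nMAEA\n-----END CERTIFICATE-----\n"
    "-----BEGIN CERTIFICATE-----\nMAIFAA==\n-----END CERTIFICATE-----\n"
)
```

Each entry's `pem` value can be written to its own file, which gives the separate inputs for the `kyrtool import` steps listed above.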
I am trying to import Gmail's SMTP certificate for use with Jira, but I get this error when importing using Java's keytool.
I used openssl to get the certificate, everything between ----Begin Certificate---- and ----End Certificate---- (inclusive). I also attempted to create an x.509 certificate using Windows Certificate Manager, but still get this error. I have verified that there are no extra whitespaces in the file.
I have seen many people with this problem online, but none of the solutions seem to work for me. Any help would be appreciated.
Thanks
openssl x509 -outform der -in foo.pem -out foo.der
Then use the DER-encoded output certificate.
The answer is correct but be sure to INCLUDE the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- in the copy/paste.
This command will then work:
openssl x509 -outform der -in gmail.pem -out gmail.der
and then you do:
sudo keytool -import -file gmail.der -keystore $JAVA_HOME/jre/lib/security/cacerts -trustcacerts
Unfortunately, openssl didn't work for me.
unable to load certificate
2740:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:./crypto/asn1/tasn_dec.c:1294:
2740:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:./crypto/asn1/tasn_dec.c:380:Type=X509_CINF
2740:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:./crypto/asn1/tasn_dec.c:749:Field=cert_info, Type=X509
2740:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:./crypto/pem/pem_oth.c:83:
Used this knowledge base and success followed.
https://knowledge.verisign.ch/support/code-signing-support/index?page=content&id=SO18659&actp=search&viewlocale=en_US&searchid=1343045026667