I have windows .crl file.
Can I convert it into a .pem file to nginx using openssl?
openssl crl -in crl.crl -noout -text
unable to load CRL
139765490861728:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: X509 CRL
The error means that your crl file is not encoded properly in PEM format with right header and footer. Have the right PEM encoded crl file.
If the CRL is in DER format:
openssl crl -in your_current.crl -inform DER -out crl.pem
Now you can use crl.pem as you mentioned in question.
openssl crl -in crl.pem -noout -text
Related
I have 4 certificates with the following extensions
_com-bundle.pem
_com.der
_com.p7b
_com.pem
In my internal tool i need to add the SSL Cert and SSL key.
How can i merge/extract the correct cert and key from the above extensions?
i've tried the bellow command
openssl x509 -inform DER -in *_com.pem -outform PEM -out cert.pem
but i've received and error that the key file is incorrect
I bought a (E-mail ID Business (S/MIME)) certificate from certum, hoping to use to sign pdf files more affordable.
They have send me the files in plain(pem) and in binary(cer).
Here is the file list I downloaded:
Certificate chain Certum Digital Identification CA SHA2.cer
Certificate chain Certum Digital Identification CA SHA2.pem
Certificate chain Certum Trusted Network CA.cer
Certificate chain Certum Trusted Network CA.pem
Certificate.cer
Certificate.pem
I tried to use below command to create p12 file.
"openssl.exe" pkcs12 -export -in D:\xampp_data\MIME\Certificate.cer -inkey D:\xampp_data\MIME\Certificate.cer -out Certificate.p12 -name "MyCert" -password pass:MyCert
When using the command with D:\xampp\php\extras\openssl\openssl.exe, windows 11 console does not gives any error. And there is no output file too.
When using the command with C:\Program Files\OpenSSL-Win64\bin\openssl.exe, windows 11 console gives below error. Win64 OpenSSL v3.0.5 Light
D:\xampp_data\MIME>"C:\Program Files\OpenSSL-Win64\bin\openssl.exe" pkcs12 -export -in D:\xampp_data\MIME\Certificate.cer -out Certificate.p12 -name "MyCert" -password pass:MyCert
Could not read private key from -in file from D:\xampp_data\MIME\Certificate.cer
We are trying to update an SSL certificate in our Azure Web App. Accordingly to the Private Certificate Requirements we need to use triple DES for a private key now. Here's are steps that I'm doing:
Generate private key on my PC using triple DES:
openssl genrsa -des3 -out privatekey.key 2048
Generate csr:
openssl req -new -key privatekey.key -out mycsr.csr
Re-key certificate on Godaddy Portal.
Using new crt-file generate a pfx:
openssl pkcs12 -export -out cert.pfx -inkey privatekey.key -in mycert.crt
Unfortunately, generated certificate is not accepted by Azure portal. I'm getting an error message "The password is incorrect, or the certificate is not valid".
Ubuntu 22.04 uses a yescrypt hashing algorythm. Try to generate the pfx on
I'm trying to generate a key to enable https on apache server under linux.
I took the certificat from godaddy that gave me .crt and .pem
I've tried to generate the key from the pem in many way:
openssl pkey -in foo.pem -out foo.key
openssl rsa -in foo.pem -out foo.key
Then I tried by an other way explain in some post I've found under stackoverflow
openssl rsa -in key.pem -out keyout.pem
and I always get this error message:
unable to load Private Key
139675415795008:error:0909006C:PEM routines:get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: ANY PRIVATE KEY
Someone can explain to me what is my mistake and how to resolve it ?
Thanks a lot
I have following wildcard certificate files from GlobalSign Authority.
root.crt
intermediate.crt
private.key
I want to configure tomcat HTTPS using above cert files. I believe Tomcat support PKCS12 format.
How do i convert those certificate files in PKSC12 format? also how do i import them in tomcat keystore, specially intermediate cert?
Use openssl to create your PKCS12 file
First create a single intcacerts.pem file with your intermediate(s) and CA, pasted one after each other (they must be in PEM format).
Then call openssl
openssl pkcs12 -export -in myservercert.pem -inkey private.key -certfile intcacerts.pem -name "aFriendlyName" -out keyandcerts.p12
(myservercert.pem is the server certificate in PEM, intcacerts.pem contains the intermediate(s) and CA as described above, private.key is the private key associated with the server certificate)
The documentation for openssl pkcs12 is here
To convert the generated PKCS12 into a JKS keystore, do something like this
keytool -importkeystore -srckeystore keyandcerts.p12 -srcstoretype PKCS12 -destkeystore myJKS.jks