Private keys and certificates can be stored in a variety of formats, which means that you’ll often need to convert them from one format to another. The most common formats are:

Binary (DER) certificate

Contains an X.509 certificate in its raw form, using DER ASN.1 encoding.

ASCII (PEM) certificate(s)

Contains a base64-encoded DER certificate, with -----BEGIN CERTIFICATE----- used as the header and -----END CERTIFICATE----- as the footer.

Binary (DER) key

Contains a private key in its raw form, using DER ASN.1 encoding. OpenSSL creates keys in its own traditional (SSLeay) format. There’s also an alternative format called PKCS#8 (defined in RFC 5208), but it’s not widely used. OpenSSL can convert to and from PKCS#8 format using the pkcs8 command.

ASCII (PEM) key

Contains a base64-encoded DER key, sometimes with additional metadata (e.g., the algorithm used for password protection).

PKCS#7 certificate(s)

A complex format designed for the transport of signed or encrypted data, defined in RFC 2315. It’s usually seen with .p7b and .p7c extensions and can include the entire certificate chain as needed. This format is supported by Java’s keytool utility.

PKCS#12 (PFX) key and certificate(s)

A complex format that can store and protect a server key along with an entire certificate chain. It’s commonly seen with .p12 and .pfx extensions. This format is commonly used in Microsoft products, but is also used for client certificates. These days, the PFX name is used as a synonym for PKCS#12, even though PFX referred to a different format a long time ago (an early version of PKCS#12). It’s unlikely that you’ll encounter the old version anywhere.

Key and Certificate Conversion的更多相关文章

  1. 【Azure 环境】把OpenSSL生产的自签名证书导入到Azure Key Vault Certificate中报错

    问题描述 通过本地生成的自签名证书导入到Azure Key Vault Certificate报错. 错误信息 the specified PEM X.509 certificate content ...

  2. 【Azure Developer - 密钥保管库 】使用 Python Azure SDK 实现从 Azure Key Vault Certificate 中下载证书(PEM文件)

    问题描述 在Azure Key Vault中,我们可以从Azure门户中下载证书PEM文件到本地. 可以通过OpenSSL把PFX文件转换到PEM文件.然后用TXT方式查看内容,操作步骤如下图: Op ...

  3. openssl - cookbook

    1.openssl 2.Testing 3.Best Practices last 1.openssl 1.1.Key and Cerificate Management Run a web serv ...

  4. Certificate Formats | Converting Certificates between different Formats

    Different Platforms & Devices requires SSL certificates in different formatseg:- A Windows Serve ...

  5. 那些证书相关的玩意儿(SSL,X.509,PEM,DER,CRT,CER,KEY,CSR,P12等)

    之前没接触过证书加密的话,对证书相关的这些概念真是感觉挺棘手的,因为一下子来了一大堆新名词,看起来像是另一个领域的东西,而不是我们所熟悉的编程领域的那些东西,起码我个人感觉如此,且很长时间都没怎么搞懂 ...

  6. Conversion Operators in OpenCascade

    Conversion Operators in OpenCascade eryar@163.com Abstract. C++ lets us redefine the meaning of the ...

  7. [转载]iOS Provisioning Profile(Certificate)与Code Signing详解

    原文:http://blog.csdn.net/phunxm/article/details/42685597 引言 关于开发证书配置(Certificates & Identifiers & ...

  8. 那些证书相关的玩意儿(SSL,X.509,PEM,DER,CRT,CER,KEY,CSR,P12等)[zz]

    openssl dgst –sign privatekey.pem –sha1 –keyform PEM –c c:\server.pem 将文件用sha1摘要,并用privatekey.pem中的私 ...

  9. iOS Provisioning Profile(Certificate)与Code Signing详解

    引言 关于开发证书配置(Certificates & Identifiers & Provisioning Profiles),相信做 iOS 开发的同学没少被折腾.对于一个 iOS ...

随机推荐

  1. iOS程序自动检测更新的实现

      本文转载至 http://blog.csdn.net/davidsph/article/details/8931718 App Store自动更新itunes     之前项目需要用到app自动更 ...

  2. Altium Designer 敷铜间距设置,真实有效

    在任一PCB视图时,点击设计->规则,弹出规则设置对话框,如下图 找到Clearance,如下图, 使用右键单击,选择 新规则,如下图 在新规则上单击,在右侧 where  the first ...

  3. Spring Boot:Thymeleaf篇

    Spring Boot干货系列:(四)Thymeleaf篇http://www.cnblogs.com/zheting/p/6707037.html 前言 Web开发是我们平时开发中至关重要的,这里就 ...

  4. 我的Android进阶之旅------>Android通过使用Matrix旋转图片来模拟碟片加载过程

    今天实现了一个模拟碟片加载过程的小demo,在此展示一下.由于在公司,不好截取动态图片,因此就在这截取两张静态图片看看效果先. 下面简单的将代码列出来. setp1.准备两张用于旋转的图片,如下:lo ...

  5. spring 配置bean-自己主动装配

    版权声明:本文为博主原创文章,未经博主同意不得转载. https://blog.csdn.net/qilixiang012/article/details/28260477 概要:(蓝色为本节所讲) ...

  6. 【Leetcode-easy】Remove Duplicates from Sorted Array

    题目要求:删除排好序的含有重复元素的数组.返回去除重复后的数组长度,并更新原始数组.不能使用额外空间. 思路:要不额外的使用内存空间,那么只有遍历数组,count保持下一个不重复的数字,遍历过程中如果 ...

  7. Understanding JDBC Internals & Timeout Configuration

    原版:http://www.cubrid.org/blog/dev-platform/understanding-jdbc-internals-and-timeout-configuration 中文 ...

  8. plsql连接oracle 64位数据库ORA-12514错误

    今天帮小师妹还原数据库,删除表空间的时候把数据库搞坏了,plsql连接时报了 ORA-12514: TNS:listener does not currently know of service re ...

  9. IIS反向代理实现Revel域名访问

    Revel实现域名访问 1.在cmd中启动revel项目,我设置的端口为8000 2.下载IIS的Application Request Routing Cache组件下载地址 3.安装ARR 4.打 ...

  10. Rabbitmq+Nginx+keepalived高可用热备

    摘自: http://www.cnblogs.com/wangyichen/p/4917241.html 公司两台文件服务器要做高可用,避免单点故障,故采用keepalived实现,其中一台宕机,依靠 ...