Certificate thematic catalog
- 1. What is a digital certificate and certificates in different formats
- 2. How to view and obtain a certificate
What is a Certificate
What is a digital certificate and digital signature, you can refer to the following articles:
- Ruan Yifeng - What digital signature? Inside an English translation of the article, illustrations digital certificates and digital signatures
- Bolted turtle - The structure and X.509 digital certificate also includes content illustrated, additionally comprising an X.509 certificate format and data structure
- RFC5280 - Internet X.509 Public Key Infrastructure Certificate
X.509 v3
and Certificate Revocation List (CRL) Profile certificate RFC documents, this is the most professional certificate documentation - DER vs. CRT vs. CER vs. PEM Certificates English article about certificates in different formats
Our focus, different formats of certificates:
Certificate Encoding
-
DER
Encoded certificate, the suffix may have.cer
or.crt
certificate content is binary -
PEM
Encoded certificate, certificate content is text Base64-encoded, generally—– BEGIN …
beginning
Common certificate
-
.CRT
Suffix certificate, two encoding formats are supported, generally contains a public key, generally more common in the Linux system -
.CER
Suffix certificate, and.crt
certificate suffixes relatively similar, generally contains a public key -
.KEY
It is often used to store private keys
Operating certificate
Use openssl
the command certificates, and conversion between different formats.
View PEM encoded certificate
openssl x509 -in cert.pem -text -noout
openssl x509 -in cert.cer -text -noout
openssl x509 -in cert.crt -text -noout
If you encounter an error similar to the following, indicating that the certificate is not encoded PEM, DER encoded certificate is
nable to load certificate
140736189195208:error:0906D06C:PEM routines:PEM_read_bio:no start line:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.50.2/libressl/crypto/pem/pem_lib.c:704:Expecting: TRUSTED CERTIFICATE
View DER encoded certificate
openssl x509 -in certificate.der -inform der -text -noout
Certificate of conversion between different formats
Conversion from PEM to DER
openssl x509 -in cert.pem -outform der -out cert.der
从 DER to PEM
openssl x509 -in cert.crt -inform der -outform pem -out cert.pem
Reproduced in: https: //www.jianshu.com/p/87211efe8b7f