OpenSSL PKCS7 Certificate Utilities
Jump to navigation
Jump to search
PKCS7 Information
- Extension(s) .p7b, .p7c, .spc, .pem
- A PKCS7 certificate is serialized using either PEM or DER format.
- PKCS7 certificate (or PKCS #7 certificate) is a degenerate form of the PKCS #7 cryptographic message standard defined in RFC 2315. It stores only * X.509 certificates (or possibly a certificate revocation list), with no encrypted data.
- PEM-formatted files have a line that reads "-----BEGIN PKCS7-----" or "-----BEGIN PKCS #7 SIGNED DATA-----" or "-----BEGIN CERTIFICATE-----". However, this does not distinguish them from other PKCS7 data types.
PKCS7 Commands
- If the contents of the file contains "-----BEGIN CERTIFICATE-----", verify the file is a PKCS7.
- # openssl pkcs7 -text -in <certificate>.crt
- The output will return a line that reads "-----BEGIN PKCS7-----" or "-----END PKCS7-----".
- View the contents of a PKCS7 DER-formatted certificate:
- # openssl pkcs7 -inform der -noout -text -print_certs -in <certificate>.p7b
- View the contents of a PKCS7 PEM-formatted certificate.
- # openssl pkcs7 -noout -text -print_certs -in <certificate>.p7b
- Convert a PKCS7 DER-formatted certificate to a PKCS7 PEM-formatted certificate.
- # openssl pkcs7 -inform der -in <certificate-der>.p7b -out <certificate-pem>.p7b
- Convert a PKCS7 PEM-formatted certificate to a PKCS7 DER-formatted certificate.
- # openssl pkcs7 -in <certificate-pem>.p7b -outform der -out <certificate-der>.p7b
- Convert a PKCS7 DER-formatted certificate to an x509 PEM-formatted certificate.
- # openssl pkcs7 -inform der -in <certificate-der>.p7b -print_certs -out <certificate-x509>.crt
- Convert a PKCS7 PEM-formatted certificate to an x509 PEM-formatted certificate.
- # openssl pkcs7 -in <certificate-pem>.p7b -print_certs -out <certificate-x509>.crt