OpenSSL PKCS7 Certificate Utilities: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
Line 7: | Line 7: | ||
== PKCS Commands == | == PKCS Commands == | ||
# If the contents of the file contains "-----BEGIN CERTIFICATE-----", verify the file is a PKCS7. | # If the contents of the file contains "-----BEGIN CERTIFICATE-----", verify the file is a PKCS7. | ||
## <tt>'''# openssl pkcs7 -text -in <certificate>.crt | ## <tt>'''# openssl pkcs7 -text -in <certificate>.crt'''</tt> | ||
## The output will return a line that reads "-----BEGIN PKCS7-----" or "-----END PKCS7-----". | ## The output will return a line that reads "-----BEGIN PKCS7-----" or "-----END PKCS7-----". | ||
# View the contents of a PKCS7 DER-formatted certificate: | # View the contents of a PKCS7 DER-formatted certificate: | ||
## # openssl pkcs7 -inform der -noout -text -print_certs -in <certificate>.p7b | ## <tt>'''# openssl pkcs7 -inform der -noout -text -print_certs -in <certificate>.p7b'''</tt> | ||
# View the contents of a PKCS7 PEM-formatted certificate. | # View the contents of a PKCS7 PEM-formatted certificate. | ||
## # openssl pkcs7 -noout -text -print_certs -in <certificate>.p7b | ## <tt>'''# openssl pkcs7 -noout -text -print_certs -in <certificate>.p7b'''</tt> | ||
# Convert a PKCS7 DER-formatted certificate to a PKCS7 PEM-formatted certificate. | # Convert a PKCS7 DER-formatted certificate to a PKCS7 PEM-formatted certificate. | ||
## # openssl pkcs7 -inform der -in <certificate-der>.p7b -out <certificate-pem>.p7b | ## <tt>'''# openssl pkcs7 -inform der -in <certificate-der>.p7b -out <certificate-pem>.p7b'''</tt> | ||
# Convert a PKCS7 PEM-formatted certificate to a PKCS7 DER-formatted certificate. | # Convert a PKCS7 PEM-formatted certificate to a PKCS7 DER-formatted certificate. | ||
## # openssl pkcs7 -in <certificate-pem>.p7b -outform der -out <certificate-der>.p7b | ## <tt>'''# openssl pkcs7 -in <certificate-pem>.p7b -outform der -out <certificate-der>.p7b'''</tt> | ||
# Convert a PKCS7 DER-formatted certificate to an x509 PEM-formatted certificate. | # Convert a PKCS7 DER-formatted certificate to an x509 PEM-formatted certificate. | ||
## # openssl pkcs7 -inform der -in <certificate-der>.p7b -print_certs -out <certificate-x509>.crt | ## <tt>'''# openssl pkcs7 -inform der -in <certificate-der>.p7b -print_certs -out <certificate-x509>.crt'''</tt> | ||
# Convert a PKCS7 PEM-formatted certificate to an x509 PEM-formatted certificate. | # Convert a PKCS7 PEM-formatted certificate to an x509 PEM-formatted certificate. | ||
## # openssl pkcs7 -in <certificate-pem>.p7b -print_certs -out <certificate-x509>.crt | ## <tt>'''# openssl pkcs7 -in <certificate-pem>.p7b -print_certs -out <certificate-x509>.crt'''</tt> |
Revision as of 20:34, 8 January 2016
PKCS7 Information
- Extension(s) .p7b, .p7c, .spc, .pem
- A PKCS7 certificate is serialized using either PEM or DER format.
- PKCS7 certificate (or PKCS #7 certificate) is a degenerate form of the PKCS #7 cryptographic message standard defined in RFC 2315. It stores only * X.509 certificates (or possibly a certificate revocation list), with no encrypted data.
- PEM-formatted files have a line that reads "-----BEGIN PKCS7-----" or "-----BEGIN PKCS #7 SIGNED DATA-----" or "-----BEGIN CERTIFICATE-----". However, this does not distinguish them from other PKCS7 data types.
PKCS Commands
- If the contents of the file contains "-----BEGIN CERTIFICATE-----", verify the file is a PKCS7.
- # openssl pkcs7 -text -in <certificate>.crt
- The output will return a line that reads "-----BEGIN PKCS7-----" or "-----END PKCS7-----".
- View the contents of a PKCS7 DER-formatted certificate:
- # openssl pkcs7 -inform der -noout -text -print_certs -in <certificate>.p7b
- View the contents of a PKCS7 PEM-formatted certificate.
- # openssl pkcs7 -noout -text -print_certs -in <certificate>.p7b
- Convert a PKCS7 DER-formatted certificate to a PKCS7 PEM-formatted certificate.
- # openssl pkcs7 -inform der -in <certificate-der>.p7b -out <certificate-pem>.p7b
- Convert a PKCS7 PEM-formatted certificate to a PKCS7 DER-formatted certificate.
- # openssl pkcs7 -in <certificate-pem>.p7b -outform der -out <certificate-der>.p7b
- Convert a PKCS7 DER-formatted certificate to an x509 PEM-formatted certificate.
- # openssl pkcs7 -inform der -in <certificate-der>.p7b -print_certs -out <certificate-x509>.crt
- Convert a PKCS7 PEM-formatted certificate to an x509 PEM-formatted certificate.
- # openssl pkcs7 -in <certificate-pem>.p7b -print_certs -out <certificate-x509>.crt