Certificate format conversion with openssl
Merge .crt and .key file into pfx use following syntax:

openssl pkcs12 -export -in public.crt -inkey private.key -out cert.pfx

Enter Export Password:
Verifying - Enter Export Password:
Note remember this password.

Convert .pfx to .pem:

openssl pkcs12 -in cert.pfx -out cert.pem

Enter Import Password:
MAC verified OK
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:

Convert .pem to .p12:

openssl pkcs12 -export -inkey cert_pem.txt -in cert_pem.txt -out cert.p12

This method is not recommended.

Convert .crt to .pem:

openssl x509 -in cert.crt -out cert.pem -outform PEM

Convert .cer to .crt:
For this conversion we can directly change the extension.

Convert .pem to .crt:

openssl x509 -in cert.pem -out cert.crt

Extract public key and private key from .pem:

openssl x509 -pubkey -noout < certificate_file_name.pem > public_key_file_name.pem
openssl pkey -in cert.pem -out key.pem

View Certificate in CLI:

openssl x509 -in test.cer -noout -text

How to check if pub key matches a private key:

Run following command in open SSL and the output should be same for both cert.

openssl x509 -noout -modulus -in public_key.crt | openssl md5

openssl rsa -noout -modulus -in private_key.key | openssl md5
This entry was posted in openssl, Tools and tagged , , , , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s