openssl certificate chain lost when converting from pem to der

You cannot have DER encoded chains by concatenating them the way you can with PEM format.

A chain in a binary format would be in PKCS#7 format. To convert a PEM chain to PKCS#7, use:

openssl crl2pkcs7 -nocrl -certfile fullchain.pem -out fullchain.p7b

Then, to see the contents:

openssl pkcs7 -in fullchain.p7b -print_certs -noout

Add -text to see all the certificate details.

If the input PEM file also contained a private key, a better format would be PKCS#12, as this format can be secured with a passphrase.
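The following script is an added example, not part of the answer above: it builds a constructed two-certificate chain (a throwaway self-signed CA and a leaf it signs, laid out leaf-first like a Let's Encrypt fullchain.pem), then shows that `openssl x509` keeps only one certificate when writing DER while `crl2pkcs7` carries the whole chain into a DER-encoded PKCS#7 bundle. It assumes the `openssl` CLI is in PATH; all names and subjects are made up for the test.

```shell
#!/bin/sh
# Constructed two-cert chain: shows certificate counts across PEM,
# `openssl x509` DER output, and a DER-encoded PKCS#7 bundle.
set -eu
command -v openssl >/dev/null 2>&1 || { echo "openssl not found" >&2; exit 1; }
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# build_chain: writes $WORK/fullchain.pem (leaf first, then the issuing CA).
# Both certificates are throwaway test certs generated here, not real ones.
build_chain() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Test CA" \
      -keyout "$WORK/ca.key" -out "$WORK/ca.pem" >/dev/null 2>&1
  openssl req -newkey rsa:2048 -nodes -subj "/CN=leaf.example" \
      -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" >/dev/null 2>&1
  openssl x509 -req -in "$WORK/leaf.csr" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
      -CAcreateserial -days 1 -out "$WORK/leaf.pem" >/dev/null 2>&1
  cat "$WORK/leaf.pem" "$WORK/ca.pem" > "$WORK/fullchain.pem"
}

# count_pem_certs FILE: number of PEM certificate blocks in FILE
count_pem_certs() { grep -c '^-----BEGIN CERTIFICATE-----' "$1"; }

# x509_to_der_count FILE: convert FILE with `openssl x509 -outform DER` and
# count the certificates in the result; x509 only ever writes one.
x509_to_der_count() {
  openssl x509 -in "$1" -outform DER -out "$WORK/cert.der"
  openssl x509 -inform DER -in "$WORK/cert.der" -noout -subject | grep -c '^subject'
}

# pkcs7_der_count FILE: convert the PEM chain to a DER-encoded PKCS#7 bundle
# (the binary equivalent of a chain) and count the certificates it carries.
pkcs7_der_count() {
  openssl crl2pkcs7 -nocrl -certfile "$1" -outform DER -out "$WORK/fullchain.p7b"
  openssl pkcs7 -inform DER -in "$WORK/fullchain.p7b" -print_certs -noout \
      | grep -c '^subject'
}

build_chain
echo "PEM chain certs:        $(count_pem_certs "$WORK/fullchain.pem")"
echo "openssl x509 DER certs: $(x509_to_der_count "$WORK/fullchain.pem")"
echo "PKCS#7 DER certs:       $(pkcs7_der_count "$WORK/fullchain.pem")"
```

Expected output is 2, 1, 2: the PKCS#7 bundle is the only binary form here that preserves the full chain.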


Author by ArticIceJuice

Updated on September 18, 2022

Comments

  • ArticIceJuice
    ArticIceJuice over 1 year

    I have a certificate chain in .pem format from Letsencrypt, called fullchain.pem

    It has 2 certificates in the chain:

    keytool -printcert -v -file fullchain.pem |grep "Certificate fingerprints" |wc -l
    2
    

    When I convert it to .der using

    openssl x509 -in fullchain.pem -out cert.der -outform DER
    

    it only exports the last one

    keytool -printcert -v -file cert.der |grep "Certificate fingerprints" |wc -l
    1
    

    Is this a bug in openssl? Am I missing a param?

  • ArticIceJuice
    ArticIceJuice over 6 years
    Great! This also solves it.
  • ArticIceJuice
    ArticIceJuice over 6 years
    Btw, they say it is actually possible to concatenate .der certificates to import them later, see this Java snippet gist.github.com/spicydog/84fa0e74d8524fba1fbb
  • garethTheRed
    garethTheRed over 6 years
    @ArticIceJuice - I think you may well be correct :-) generateCertificates accepts a stream of DER encoded certs. As I can't find a standard that defines certificate chains, this may well be implementation specific.