Preparing SSL/TLS Certificate in PEM Format - حلقه ارتباطی ابر آروان

ابر آروان

زیرساخت یکپارچه ابری

23 ژانویه 2018

Preparing SSL/TLS Certificate in PEM Format

The PEM format is a kind of storage format for keeping encryption keys and certificates. Its full name is Privacy-enhanced Electronic Mail. It is the most used format in encryption specially in open-source systems.

Unlike most encryption storage file standards which store the data in binary, PEM format uses base64 encoding. This makes reading and moving the file much easier.

Although file extension is not that important in open-source systems, PEM files usually take a .key extension if they contain private keys, and take .cer, .crt, or .pem extension if containing certificate.

You can easily open and edit PEM files using vim or Notepad and inspect its contents.

The content of private key will be something like this:

-----BEGIN PRIVATE KEY-----
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCuaGs3MHEOUMvO
v7QLx1cAgx7BDMHE0eq70/A+JZlYjDL7IAcoubgibfRWyEPombDF/TtnOzuYXuNT
tkGVK+iOI3HbTgVANOrhIhTO91Vh3MDBftlNdzsYg4Ct/dZfvwGixgVfOza5nYcP
SFJ5r89fre1EV/3QA3m+oPYimejcTCwEcByxxP7unmoxR9wJMYCmF3IOtRKGMhCn
IbmIRwvaQ0yeCk9vh4WoZBbqJx4pVXmqz5D4IfDt2E41NiecWVoNHMTEF9xE2Few
3tPyfMMtqQH713DiVNmLBjHkJLK8a/ev2NjFMg8KTZ0hlVyaeBZDPz0iNk3iaeXf
pspZ42kPAgMBAAECggEANcqEzufE5spqoaCkskFQBxtpv9bkaITp5fZvEWvdSN8s
1iFBtADb1tqc0qs/rpzAVcBNswAk2FDjwizjO1PojPZHpoEAw5XOn5M4YcEM93rz
hHpQIUFV27CrXn58wNkTcxWqEH4d2c/JGSCQN3HO/s6Q8FRHNwHraa0RXQilNlRR
OKSyDZTMyTOB0zBxXR5eJ1izXISgJVhL+UTb1VUj+XdhmSVqP45p2dhJWTyGHy6O
taQDo7mUB+gTJzmLbFJxX2Hl50mh9R/Y3fLwGyg3uLBiibMq8ajFSPGgRTkdx+EY
PjRuDHLZ2qSCwqrUUuI2X1qAaOyLI+hdjlMlz048QQKBgQDk6kC33UmLGQSO+kqz
+j8Zh9lnEMU49Gfq0x4VZjnp9qzj9/8Cl+cOoAxcb1ZzQITvGf0ww85dhSPKh68x
QSfefJRm1z6JVyjCVOUYWCN3XTxp7tZMXvSe0ED+HWw96EA8P83QqsMLlH6YkZLq
as6K4R9iAtO14tIVoPeVAfZLYQKBgQDDCypU6A08aWyt9Bncfb6mUhheL7LFMRK9
fFxvWuSGLSeZ0hFjGGNJjIOcUUZvnXYTYmuYRrNnNtqY/UvB4ubWncbnU6HY/eZS
ejWp2GDiU9yGfvGObwoRv7X5341LKR4KJcdsC5QoDl43mceQ5xjXnsECh/Lssm5E
GLsWJ/z6bwKBgELtfliDeVIS0XNgGGFAhBxZzKVGkPMS+iL88Km/BqWx+mB4jHVc
pjBveM25u6PctEEX7x/Hz9kl6Q34167l5ts0v0rGGcGb2w3eNlEEy/HFL7mlG8Ce
bpTUPHxPa+s5sTYsTWd51abYFp9SyIqDCbovEbbdLrraAyRRuLE3LqRhAoGAQ7V5
kZYpGiLDDrRh0fB5IcX4HaJTXi9GAS/N6v5TvNyqFbUeQhdySFMWUUrJt++i0OHm
1isdFqStSFUOWpWJa1HEfgPDeM/TiChSvs6V+5v/P1WMR9T2WukBpGfd5gy1F/K7
gx+V5D3wqT6iUARZ1GiROm61f0QGEW/AatWg9dMCgYAAnR/QIVTUV+LuINT9lBUs
v7lqQzo8wUC2Itn6nD3zmKiJb/lvA/jSZAXMGc3oqBS+ocznKrABp39MONj6Bp7l
zvrNHuO8L5v7kK24snyyBfyizu03IbkHUOiIs5rXuD1N6fVG2XKQv9QsUm6NZp0o
1uGia9hksHK00QOXRhsGdA==
-----END PRIVATE KEY-----

A sample PEM file containing a certificate, will look like this:

-----BEGIN CERTIFICATE-----
MIICLDCCAdKgAwIBAgIBADAKBggqhkjOPQQDAjB9MQswCQYDVQQGEwJCRTEPMA0G
A1UEChMGR251VExTMSUwIwYDVQQLExxHbnVUTFMgY2VydGlmaWNhdGUgYXV0aG9y
aXR5MQ8wDQYDVQQIEwZMZXV2ZW4xJTAjBgNVBAMTHEdudVRMUyBjZXJ0aWZpY2F0
ZSBhdXRob3JpdHkwHhcNMTEwNTIzMjAzODIxWhcNMTIxMjIyMDc0MTUxWjB9MQsw
CQYDVQQGEwJCRTEPMA0GA1UEChMGR251VExTMSUwIwYDVQQLExxHbnVUTFMgY2Vy
dGlmaWNhdGUgYXV0aG9yaXR5MQ8wDQYDVQQIEwZMZXV2ZW4xJTAjBgNVBAMTHEdu
dVRMUyBjZXJ0aWZpY2F0ZSBhdXRob3JpdHkwWTATBgcqhkjOPQIBBggqhkjOPQMB
BwNCAARS2I0jiuNn14Y2sSALCX3IybqiIJUvxUpj+oNfzngvj/Niyv2394BWnW4X
uQ4RTEiywK87WRcWMGgJB5kX/t2no0MwQTAPBgNVHRMBAf8EBTADAQH/MA8GA1Ud
DwEB/wQFAwMHBgAwHQYDVR0OBBYEFPC0gf6YEr+1KLlkQAPLzB9mTigDMAoGCCqG
M49BAMCA0gAMEUCIDGuwD1KPyG+hRf88MeyMQcqOFZD0TbVleF+UsAGQ4enAiEA
l4wOuDwKQa+upc8GftXE2C//4mKANBC6It01gUaTIpo=
-----END CERTIFICATE-----

Converting from other formats to PEM

The default format of PEM differs depending on where you have purchased it from, or how you have created it. In most cases, your cert will be in PEM format by default, and there’ll be no need to change it. But if you’re using formats such as PFX-PKCS#12 or P7B-PKCS#7, you can easily convert it to PEM.

Note that PFX files contain both the certificate and the private key, so you can extract both from them.

Convert DER to PEM

openssl x509 -inform der -in certificate.cer -out certificate.pem

Convert P7B to PEM

openssl pkcs7 -print_certs -in certificate.p7b -out certificate.pem

Convert PFX to PEM

openssl pkcs12 -in certname.pfx -nokeys -out certificate.pem openssl pkcs12 -in certname.pfx -nocerts -out private.key -nodes

Trust Chain Structure

If you’re using an SSL/TLS certificate, it is important that it works properly for you, and that your website’s content is loaded through HTTPS on all browsers, OS’, and devices such as smartphones and tablets, without any errors. In order for that happen, instead of uploading your own certificate file, you need to create an SSL Certificate Trust Chain. See how to create SSL Certificate Trust Chain.

 

بدون دیدگاه

برچسب‌ها:




× برای اطلاع از آخرین اخبار و مقالات آروان عضو خبرنامه ما شوید