DER and PEM Certificates with CA XCOM
Article ID: 117297
Updated On: 10-10-2018
Products
XCOM Data Transport
XCOM Data Transport - Windows
XCOM Data Transport - Linux PC
XCOM Data Transport - z/OS
Issue/Introduction
The underlying OpenSSL routines will process certificates encoded with DER and also DER wrapped into PEM.
The OpenSSL docs state that DER encoding is also accepted. The OpenSSl support utility can extract DER/PEM certificates from PKCS#12 files.
The OpenSSL docs state that DER encoding is also accepted. The OpenSSl support utility can extract DER/PEM certificates from PKCS#12 files.
Environment
Release:
Component: XCMVS
Component: XCMVS
Resolution
View PEM encoded certificate
Use the command that has the extension of your certificate replacing cert.xxx with the name of your certificate
openssl x509 -in cert.cer -text -noout
If you get the folowing error it means that you are trying to view a DER encoded certifciate and need to use the commands in the “View DER encoded certificate below”
unable to load certificate
12626:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:647:Expecting: TRUSTED CERTIFICATE
View DER encoded Certificate
openssl x509 -in certificate.der -inform der -text -noout
If you get the following error it means that you are trying to view a PEM encoded certificate with a command meant for DER encoded certs. Use a command in the “View PEM encoded certificate above
unable to load certificate
13978:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1306:
13978:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:380:Type=X509
Transform
Transforms can take one type of encoded certificate to another. (ie. PEM To DER conversion)
PEM to DER
openssl x509 -in cert.cer -outform der -out cert.der
DER to PEM
openssl x509 -in cert.cer -inform der -outform pem -out cert.pem
Use the command that has the extension of your certificate replacing cert.xxx with the name of your certificate
openssl x509 -in cert.cer -text -noout
If you get the folowing error it means that you are trying to view a DER encoded certifciate and need to use the commands in the “View DER encoded certificate below”
unable to load certificate
12626:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:647:Expecting: TRUSTED CERTIFICATE
View DER encoded Certificate
openssl x509 -in certificate.der -inform der -text -noout
If you get the following error it means that you are trying to view a PEM encoded certificate with a command meant for DER encoded certs. Use a command in the “View PEM encoded certificate above
unable to load certificate
13978:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1306:
13978:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:380:Type=X509
Transform
Transforms can take one type of encoded certificate to another. (ie. PEM To DER conversion)
PEM to DER
openssl x509 -in cert.cer -outform der -out cert.der
DER to PEM
openssl x509 -in cert.cer -inform der -outform pem -out cert.pem
Feedback
Yes
No
Powered by
