DER and PEM Certificates with CA XCOM
search cancel

DER and PEM Certificates with CA XCOM

book

Article ID: 117297

calendar_today

Updated On: 10-10-2018

Products

XCOM Data Transport XCOM Data Transport - Windows XCOM Data Transport - Linux PC XCOM Data Transport - z/OS

Issue/Introduction

The underlying OpenSSL routines will process certificates encoded with DER and also DER wrapped into PEM.
The OpenSSL docs state that DER encoding is also accepted. The OpenSSl support utility can extract DER/PEM certificates from PKCS#12 files.

Environment

Release:
Component: XCMVS

Resolution

View PEM encoded certificate
Use the command that has the extension of your certificate replacing cert.xxx with the name of your certificate
openssl x509 -in cert.cer -text -noout
If you get the folowing error it means that you are trying to view a DER encoded certifciate and need to use the commands in the “View DER encoded certificate  below”
unable to load certificate
12626:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:647:Expecting: TRUSTED CERTIFICATE
View DER encoded Certificate
openssl x509 -in certificate.der -inform der -text -noout
If you get the following error it means that you are trying to view a PEM encoded certificate with a command meant for DER encoded certs. Use a command in the “View PEM encoded certificate above
unable to load certificate
13978:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1306:
13978:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:380:Type=X509
Transform
Transforms can take one type of encoded certificate to another. (ie. PEM To DER conversion)
PEM to DER
openssl x509 -in cert.cer -outform der -out cert.der
DER to PEM
openssl x509 -in cert.cer -inform der -outform pem -out cert.pem