使用openssl进行证书格式转换(Certificate format conversion using OpenSSL)

各类证书由于存储的内容不同(如是否包含公钥/私钥是否加密存储/单一证书或多证书等)、采用编 码不同(DER/BASE64)、标准不同(如PEM/PKCS),所以尽管X.509标准规定了证书内容规范,但证书文件还是五花八门。好在 openssl对这些不同的标准都有着不错的支持,可以用来进行不同格式证书的转换。

大体来说,证书转换要作的工作有这么几种

编码转换:DER<–>BASE64不同证书标准的转换:PKCS系列<–>PEM/CER私钥的增/减/提取/转换…

编码转换:DER<–>BASE64不同证书标准的转换:PKCS系列<–>PEM/CER私钥的增/减/提取/转换…

PEM–DER/CER(BASE64–DER编码的转换)

PEM–P7B(PEM–PKCS#7)

PEM–PFX(PEM–PKCS#12)

PEM–p12(PEM–PKCS#12)

CER/DER–PEM(编码DER–BASE64)

P7B–PEM(PKCS#7–PEM)

P7B–PFX(PKCS#7–PKCS#12)

PFX/p12–PEM(PKCS#12–PEM)

PEM BASE64–X.509文本格式

PFX文件中提取私钥(.key)

PEM–SPC

PEM--PVK(openssl 1.x开始支持)

PEM--PVK(对于openssl 1.x之前的版本,可以下载pvk转换器后通过以下命令完成)

PVK格式更多参考:http://www.drh-consultancy.demon.co.uk/pvk.html

openssl更多选项及功能,请参考openssl手册

————————

Various certificates have different storage contents (such as whether they contain public key / private key, whether they are encrypted storage / single certificate or multiple certificates, etc.), different codes (Der / Base64) and different standards (such as PEM / PKCs) Therefore, although the X.509 standard specifies the certificate content specification, there are still a variety of certificate files. Fortunately, OpenSSL has good support for these different standards and can be used to convert certificates of different formats.

Generally speaking, there are several kinds of work to be done for certificate conversion

Code conversion: Der & lt–& gt; Conversion of Base64 different certificate standards: PKCs series & lt–& gt; Addition / subtraction / extraction / conversion of PEM / cer private key

Code conversion: Der & lt–& gt; Conversion of Base64 different certificate standards: PKCs series & lt–& gt; Addition / subtraction / extraction / conversion of PEM / cer private key

PEM–DER/CER(BASE64–DER编码的转换)

PEM–P7B(PEM–PKCS#7)

PEM–PFX(PEM–PKCS#12)

PEM–p12(PEM–PKCS#12)

CER/DER–PEM(编码DER–BASE64)

P7B–PEM(PKCS#7–PEM)

P7B–PFX(PKCS#7–PKCS#12)

PFX/p12–PEM(PKCS#12–PEM)

< strong > PEM Base64 — X.509 text format < / strong >

< strong > extract private key (. Key) from PFX file < / strong >

PEM–SPC

< strong > PEM - PVK (OpenSSL 1. X starts to support) < / strong >

< strong > PEM - PVK < / strong > (for versions before OpenSSL 1. X, you can download the PVK converter and complete it through the following command)

PVK格式更多参考:http://www.drh-consultancy.demon.co.uk/pvk.html

For more options and functions of OpenSSL, please refer to the OpenSSL manual