Keys and Certificates#

  • X.509 Certificate

  • CSR - Certificate Signing Request

  • RSA Public Key

  • RSA Private Key

Extensions

  • cer

  • crt

  • key

  • pem

Encoding Schemes

  • PEM - Privacy Enhanced Mail (Base64), can be viewed in any text editor.

  • DER (binary).

Container Formats

  • PKCS#7

  • PKCS#12

Ref:

  • https://www.ssl.com/guide/pem-der-crt-and-cer-x-509-encodings-and-conversions/

PEM#

PEM (originally “Privacy Enhanced Mail”)

-----BEGIN CERTIFICATE-----
<Content>
-----END CERTIFICATE-----

View contents

openssl x509 -in <pem-file> -text -noout

Convert PEM to DER

openssl x509 -in <pem-file> -outform der -out <der-file>

See Certificate details:

openssl x509 -noout -text -in 'cerfile.cer'

-inform pem default in-form, for binary files pass -inform der

Create a RSA key pair and certificate

# generate private key of key size 2048
openssl genrsa -out rsa-private-key.pem 2048

# generate public key for given private key
openssl rsa -in rsa-private-key.pem -pubout -out rsa-public-key.pem

# generate certificate from the private key which lasts for 3650 days
openssl req -new -x509 -key rsa-private-key.pem -out mt-app-dev-key.pem -days 3650

# view the certificate details
openssl x509 -noout -text -in mt-app-dev-key.pem | less