Keys and Certificates#
X.509 Certificate
CSR - Certificate Signing Request
RSA Public Key
RSA Private Key
Extensions
cer
crt
key
pem
Encoding Schemes
PEM - Privacy Enhanced Mail (Base64), can be viewed in any text editor.
DER (binary).
Container Formats
PKCS#7
PKCS#12
Ref:
https://www.ssl.com/guide/pem-der-crt-and-cer-x-509-encodings-and-conversions/
PEM#
PEM (originally “Privacy Enhanced Mail”)
-----BEGIN CERTIFICATE-----
<Content>
-----END CERTIFICATE-----
View contents
openssl x509 -in <pem-file> -text -noout
Convert PEM to DER
openssl x509 -in <pem-file> -outform der -out <der-file>
See Certificate details:
openssl x509 -noout -text -in 'cerfile.cer'
-inform pem
default in-form, for binary files pass -inform der
Create a RSA key pair and certificate
# generate private key of key size 2048
openssl genrsa -out rsa-private-key.pem 2048
# generate public key for given private key
openssl rsa -in rsa-private-key.pem -pubout -out rsa-public-key.pem
# generate certificate from the private key which lasts for 3650 days
openssl req -new -x509 -key rsa-private-key.pem -out mt-app-dev-key.pem -days 3650
# view the certificate details
openssl x509 -noout -text -in mt-app-dev-key.pem | less