My question is simply: What is the encoding of the .pem and .csr file created by openssl using this command:
openssl req -nodes -newkey rsa:2048 -keyout key.pem -out some.csr \
-subj "/C=XY/ST=UVW/L=SOMETOWN/O=STH/OU=STHELSE/CN=my.cert.test"
I do paste some information of which I do not know whether it is of importance for the answer to this question:
I am working in an xterm under X11. I have an up-to-date Linux distribution (openSUSE Leap 42.2) and use openssl in my shell to create a CSR file. I have a setting in my env XTERM_LOCALE=de_DE.UTF-8.
You can set the encoding by passing -outform DER or -outform PEM, where DER is a binary file and PEM is in Base64.
Related
Is it possible to import the -subj from a text file openSSL?
Hi I'm trying to create a self signed certificate for a school project and I need to import the -subj fields from a .txt file.
What I have now is:
openssl req -new -newkey rsa:2048 -nodes -keyout key.key -out key.csr -subj "/C=US/ST=NY/L=NY/O=HW/CN=NAME"
Is it possible to import the file with a built in function using only one line of code?
openssl req -new -newkey rsa:2048 -nodes -keyout key.key -out key.csr -subj "filename.txt"
If not, how should I approach this issue? I'm using simple batch files to create certificates.
How about this?
openssl req -new -newkey rsa:2048 -nodes -keyout key.key -out key.csr -subj "$(cat filename.txt)"
Well, I have tried the below
openssl x509 -req -in <cert_name>.csr -signkey <key_name>.key -out output.crt
but it seems to throw an error:
140735226307408:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: CERTIFICATE REQUEST
Any solutions?
The source of the problem is the form of your CSR: while working with X509, your data can be stored using 2 forms: DER and PEM.
By default openssl assumes you are using PEM.
In your case, you should first convert the CSR to PEM format:
openssl req -inform DER -in <cert_name>.csr -out <cert_name>.pem
And then
openssl x509 -req -in <cert_name>.pem -signkey <key_name>.key -out output.crt
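As an added example (not part of the original answers), the following Python code shows the byte-level difference between PEM and DER that produces the "no start line ... Expecting: CERTIFICATE REQUEST" error when a DER file is read as PEM. The function names and the sample bytes are constructed for illustration; the sample is a minimal ASN.1 structure, not a real CSR.

```python
import base64
import re

# PEM = "-----BEGIN <label>-----", Base64 of the DER bytes, "-----END <label>-----"
PEM_RE = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

def der_total_length(data):
    """Full length of the outer DER SEQUENCE, or None if data does not start one."""
    if len(data) < 2 or data[0] != 0x30:      # 0x30 = ASN.1 SEQUENCE tag
        return None
    first = data[1]
    if first < 0x80:                          # short form: one length byte
        return 2 + first
    n = first & 0x7F                          # long form: n length bytes follow
    if n == 0 or n > 4 or len(data) < 2 + n:
        return None
    return 2 + n + int.from_bytes(data[2:2 + n], "big")

def detect_encoding(data):
    """Return ("PEM", label), ("DER", None) or ("UNKNOWN", None)."""
    m = PEM_RE.search(data)
    if m:
        try:
            body = base64.b64decode(m.group(2))   # line breaks are ignored
        except ValueError:
            return "UNKNOWN", None
        if der_total_length(body) == len(body):
            return "PEM", m.group(1).decode()
        return "UNKNOWN", None
    if der_total_length(data) == len(data):
        return "DER", None
    return "UNKNOWN", None

def der_to_pem(der, label):
    """Wrap DER bytes in PEM armor with 64-character Base64 lines."""
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, "\n".join(lines), label)

# Constructed sample: SEQUENCE { OCTET STRING (126 zero bytes) }, not a real CSR.
SAMPLE_DER = b"\x30\x81\x80\x04\x7e" + bytes(126)

if __name__ == "__main__":
    print(detect_encoding(SAMPLE_DER))                    # binary input, no start line
    pem = der_to_pem(SAMPLE_DER, "CERTIFICATE REQUEST")
    print(detect_encoding(pem.encode()))                  # same bytes in PEM armor
```

A file that reports DER here is one that needs -inform DER (or a conversion as above) before openssl will read it with its PEM default.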
I am trying to convert an Apple Push Certificate (received in .pem format from https://identity.apple.com/pushcert/) to PKCS12 on a Windows machine. I have OpenSSL installed.
Here are the steps I am trying:
Generate CSR
openssl req -out d:\cert\request.csr -new -newkey rsa:2048 -nodes -keyout d:\cert\csrPrivateKey.pem
Upload signed CSR to Apple and download issued certificate (pushCert.pem)
Convert .pem certificate to pkcs12
openssl pkcs12 -export -in d:\cert\pushCert.pem -inkey d:\cert\csrPrivateKey.pem -out d:\cert\pushCert.p12 -name "apns-cert"
When I try this last step, I get an error "No certificate matches private key" and an empty file is created. If anyone has any suggestions it would be greatly appreciated.
Thanks!
I have one .key file from which I generated a .csr file that I used to purchase a GoDaddy code signing certificate. From GoDaddy I received one .spc file.
I exported the spc file to pem with the following command:
openssl pkcs7 -inform DER -in mycert.spc -print_certs -out certs.pem
I then opened the certs.pem file and copied the first two certificates to a file called cert-chain.crt and the last one (which is mine) to one called server.crt.
I tried to sign the file with this command:
openssl smime -sign -in a.mobileconfig -out signed_a.mobileconfig -signer cert/server.crt -inkey cert/ios_apn.key -certfile cert/cert-chain.crt -outform der -nodetach
But what I got is:
unable to load certificate
11911:error:0906D06C:PEM routines:PEM_read_bio:no start line:/SourceCache/OpenSSL098/OpenSSL098-41/src/crypto/pem/pem_lib.c:648:Expecting: TRUSTED CERTIFICATE
What am I doing wrong? How should I normally sign the a.mobileconfig file with the provided SPC file?
Your certificate is in DER format, but openssl is assuming PEM format. You should add -inform der to the command:
openssl smime -sign -in a.mobileconfig -out signed_a.mobileconfig -signer cert/server.crt -inkey cert/ios_apn.key -certfile cert/cert-chain.crt -inform der -outform der -nodetach
After exporting to .p12 on Mac OS X, can I run the following 3 steps on Linux? Or must I get it done on the same machine where I exported to .p12 before I upload to the Linux server to use with my PHP script?
openssl pkcs12 -clcerts -nokeys -out apns-dev-cert.pem -in apns-dev-cert.p12
openssl pkcs12 -nocerts -out apns-dev-key.pem -in apns-dev-key.p12
openssl rsa -in apns-dev-key.pem -out apns-dev-key-noenc.pem
I am not sure but this might be helpful:
1) CertificateCreation
2) apple-push-notification-service-tutorial
I think there is no problem in using openssl on a Linux machine. The algorithm is the same.
I used this tutorial and it works great: http://blog.boxedice.com/2009/07/10/how-to-build-an-apple-push-notification-provider-server-tutorial/