Encoding of output artifacts from 'openssl req' command? - encoding

My question is simply: What is the encoding of the .pem and .csr file created by openssl using this command:
openssl req -nodes -newkey rsa:2048 -keyout key.pem -out some.csr \
-subj "/C=XY/ST=UVW/L=SOMETOWN/O=STH/OU=STHELSE/CN=my.cert.test"
I paste some information below, though I do not know whether it is important for answering this question:
I am working in an xterm under X11. I have an up-to-date Linux distribution (openSUSE Leap 42.2) and use openssl in my shell to create a CSR file. I have the setting XTERM_LOCALE=de_DE.UTF-8 in my env.

You can set the encoding by passing -outform DER or -outform PEM, where DER is a binary file and PEM is Base64.

Related

Importing subject fields from a text file (openSSL x509)?

Is it possible to import the -subj from a text file in OpenSSL?
Hi, I'm trying to create a self-signed certificate for a school project and I need to import the -subj fields from a .txt file.
What I have now is:
openssl req -new -newkey rsa:2048 -nodes -keyout key.key -out key.csr -subj "/C=US/ST=NY/L=NY/O=HW/CN=NAME"
Is it possible to import the file with a built in function using only one line of code?
openssl req -new -newkey rsa:2048 -nodes -keyout key.key -out key.csr -subj "filename.txt"
If not, how should I approach this issue? I'm using simple batch files to create certificates.
How about this?
openssl req -new -newkey rsa:2048 -nodes -keyout key.key -out key.csr -subj "$(cat filename.txt)"

How to convert a .csr to .crt using openssl?

Well, I have tried the below
openssl x509 -req -in <cert_name>.csr -signkey <key_name>.key -out output.crt
but it seems to throw an error
140735226307408:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: CERTIFICATE REQUEST
Any solutions?
The source of the problem is the form of your CSR: while working with X509, your data can be stored in 2 forms: DER and PEM.
By default openssl assumes you are using PEM.
In your case, you should first convert the CSR to PEM format:
openssl req -inform DER -in <cert_name>.csr -out <cert_name>.pem
And then
openssl x509 -req -in <cert_name>.pem -signkey <key_name>.key -out output.crt
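
Added example, not part of the original answers: a shell script that tells PEM from DER before the file reaches openssl, so a DER-encoded CSR is converted instead of failing with "no start line". The function names detect_encoding, csr_to_pem and make_samples and the sample files are assumptions made for this example.

```shell
#!/bin/sh
# Added example: classify a file as PEM or DER before passing it to openssl.

# Print "pem", "der" or "unknown" for the file named in $1.
detect_encoding() {
    # PEM is text: Base64 wrapped in "-----BEGIN <LABEL>-----" armour lines.
    if grep -q -e '^-----BEGIN [A-Z0-9 ]*-----' "$1" 2>/dev/null; then
        echo pem
        return 0
    fi
    # DER is raw ASN.1: CSRs and certificates open with a SEQUENCE tag (0x30).
    first=$(od -An -tx1 -N1 "$1" 2>/dev/null | tr -d ' \n')
    if [ "$first" = "30" ]; then echo der; else echo unknown; fi
}

# Write a PEM copy of the CSR in $1 to $2, whichever encoding it arrived in.
csr_to_pem() {
    case "$(detect_encoding "$1")" in
        pem) openssl req -inform PEM -in "$1" -outform PEM -out "$2" ;;
        der) openssl req -inform DER -in "$1" -outform PEM -out "$2" ;;
        *)   echo "csr_to_pem: $1 is neither PEM nor DER" >&2; return 1 ;;
    esac
}

# Constructed sample files (placeholders, not valid requests) written to dir $1.
make_samples() {
    printf '%s\n' '-----BEGIN CERTIFICATE REQUEST-----' 'QUJD' \
        '-----END CERTIFICATE REQUEST-----' > "$1/sample-pem.csr"
    printf '\060\202\001\000' > "$1/sample-der.csr"   # 0x30 0x82 0x01 0x00
    printf 'not a csr\n' > "$1/sample-other.txt"
}

# With file arguments, report each one; with none, run on the samples.
if [ "$#" -gt 0 ]; then
    for f in "$@"; do printf '%s: %s\n' "$f" "$(detect_encoding "$f")"; done
else
    demo_dir=$(mktemp -d)
    make_samples "$demo_dir"
    for f in "$demo_dir"/*; do
        printf '%s: %s\n' "${f##*/}" "$(detect_encoding "$f")"
    done
    rm -rf "$demo_dir"
fi
```

The file extension says nothing about the encoding: a .csr, .crt or .pem file can hold either form, which is why the check reads the content.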

Convert Apple Push Certificate from .pem to .p12 (PKCS12)

I am trying to convert an Apple Push Certificate (received in .pem format from https://identity.apple.com/pushcert/) to PKCS12 on a Windows machine. I have OpenSSL installed.
Here are the steps I am trying:
Generate CSR
openssl req -out d:\cert\request.csr -new -newkey rsa:2048 -nodes -keyout d:\cert\csrPrivateKey.pem
Upload signed CSR to Apple and download issued certificate (pushCert.pem)
Convert .pem certificate to pkcs12
openssl pkcs12 -export -in d:\cert\pushCert.pem -inkey d:\cert\csrPrivateKey.pem -out d:\cert\pushCert.p12 -name "apns-cert"
When I try this last step, I get an error "No certificate matches private key" and an empty file is created. If anyone has any suggestions it would be greatly appreciated.
Thanks!

Signing files on Linux with SPC files

I have one .key file from which I generated a .csr file that I used to purchase a GoDaddy code signing certificate. From GoDaddy I received one .spc file.
I exported the spc file to pem with the following command:
openssl pkcs7 -inform DER -in mycert.spc -print_certs -out certs.pem
I then opened the certs.pem file and copied the first two certificates to a file called cert-chain.crt and the last one (which is mine) to one called server.crt.
I tried to sign the file with this command:
openssl smime -sign -in a.mobileconfig -out signed_a.mobileconfig -signer cert/server.crt -inkey cert/ios_apn.key -certfile cert/cert-chain.crt -outform der -nodetach
But what I got is:
unable to load certificate
11911:error:0906D06C:PEM routines:PEM_read_bio:no start line:/SourceCache/OpenSSL098/OpenSSL098-41/src/crypto/pem/pem_lib.c:648:Expecting: TRUSTED CERTIFICATE
What am I doing wrong? How should I normally sign the a.mobileconfig file with the provided SPC file?
Your certificate is in DER format, but openssl is assuming PEM format. You should add -inform der to the command:
openssl smime -sign -in a.mobileconfig -out signed_a.mobileconfig -signer cert/server.crt -inkey cert/ios_apn.key -certfile cert/cert-chain.crt -inform der -outform der -nodetach

help in APNs pem creation

After exporting to .p12 in Mac OS X, can I run the following 3 steps in Linux? Or must I get it done on the same machine where I exported to .p12 before I upload to the Linux server to use with my PHP script?
openssl pkcs12 -clcerts -nokeys -out apns-dev-cert.pem -in apns-dev-cert.p12
openssl pkcs12 -nocerts -out apns-dev-key.pem -in apns-dev-key.p12
openssl rsa -in apns-dev-key.pem -out apns-dev-key-noenc.pem
I am not sure but this might be helpful:
1) CertificateCreation
2) apple-push-notification-service-tutorial
I think there is no problem in using openssl on a Linux machine. The algorithm is the same.
I used this tutorial and works great: http://blog.boxedice.com/2009/07/10/how-to-build-an-apple-push-notification-provider-server-tutorial/