Cryptography Tutorials - Herong's Tutorial Examples - Version 5.40, by Dr. Herong Yang
"OpenSSL" Generating Certificates in DER and PEM
This section provides a tutorial example on how to generate certificates in DER and PEM formats using 'OpenSSL'.
After tested how "keytool" can be used to export certificates in DER and PEM formats, I decided to try with "OpenSSL" to see if it can generate certificates in DER and PEM formats or not. What I did was to:
The test session was recorded below:
C:\herong>openssl genrsa -out herong.key -des 1024 Loading 'screen' into random state - done Generating RSA private key, 1024 bit long modulus .........................++++++ ...................++++++ e is 65537 (0x10001) Enter pass phrase for herong.key: keypass Verifying - Enter pass phrase for herong.key: keypass C:\herong>openssl req -new -x509 -key herong.key -out openssl_crt.pem \ -outform pem -config openssl.cnf Enter pass phrase for herong.key: keypass You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [CA]: State or Province Name (full name) [HY State]: Locality Name (eg, city) [HY City]: Organization Name (eg, company) [HY Company]: Organizational Unit Name (eg, section) [HY Unit]: Common Name (eg, YOUR name) [Herong Yang]: Email Address [herongyang.com]: C:\herong>openssl x509 -in openssl_crt.pem -inform pem \ -out openssl_crt.der -outform der
Now I got one certificate generated by "OpenSSL" and stored in two files: openssl_crt.der and openssl_crt.pem. How can I verify that they are really using DER and PEM formats? I used "keytool" to try to view them as described in the next section.
Table of Contents