If you have any reason at all to work (or play) with digital certificates, one of the most useful tools you will find anywhere is OpenSSL. It can do pretty much anything you could wish to do when it comes to displaying certificate contents, converting from one format to another or even issuing and signing your own certificates (you can operate your own CA with it !).
This page contains a handy list of OpenSSL commands I've found useful from time to time.
X.509 certificates are usually stored in one of two formats:
-----BEGIN CERTIFICATE----- MIIBrjCCAWwCAQswCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww : : MQAwLgIVAJ4wtQsANPxHo7Q4IQZYsL12SKdbAhUAjJ9n38zxT+iai2164xS+LIfa C1Q= -----END CERTIFICATE-----
OpenSSL uses the PEM format by default, but you can tell it to process DER format certificates...you just need to know which you are dealing with.
The command to view an X.509 certificate is:
You can specifiy -inform pem if you want to look at a PEM-format certificate
If you have a PEM-format certificate which you want to convert into DER-format (so that you can import it into Microsoft), you can use the command:
This standard specifies a portable format for storing or transporting a user's private keys, certificates, miscellaneous secrets, etc. You can have a look into a PKCS12 file using the command
If you have two separate files containing your certificate and private key, both in PEM format, you can combine these into a single PKCS12 file (suitable for importing into Windows) using the command:-