Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How can I check if the certificate file I have is in .pem format?

I have a root cert file and I don't know whether or not it is in .pem format. How do I check if it is in .pem format?

like image 516
Kumar Avatar asked Mar 07 '11 04:03

Kumar


People also ask

How do I know if a certificate is in PEM format?

DER formatted certificates - can have . der extension, but are often . cer, so the only way to tell if the certificate is PEM or DER is to open the certificate in a text editor and look for the BEGIN CERTIFICATE and END CERTIFICATE sections (if they are there then the . cer is in PEM format).

How do I find my PEM encoded certificate?

Certificate Decoder A PEM encoded certificate is a block of encoded text that contains all of the certificate information and public key. Another simple way to view the information in a certificate on a Windows machine is to just double-click the certificate file.

How does PEM file look like?

A PEM encoded file includes Base64 data. The private key is prefixed with a "-----BEGIN PRIVATE KEY-----" line and postfixed with an "-----END PRIVATE KEY-----". Certificates are prefixed with a "-----BEGIN CERTIFICATE-----" line and postfixed with an "-----END CERTIFICATE-----" line.

How do I know what type of SSL certificate I have?

For most browsers, look to see if a site URL begins with “https,” which indicates it has an SSL certificate. Then click on the padlock icon in the address bar to view the certificate information.


2 Answers

DER vs. CRT vs. CER vs. PEM Certificates and How To Convert Them

Quote from the support page:

View ====  Even though PEM encoded certificates are ASCII they are not human readable.  Here are some commands that will let you output the contents of a certificate in human readable form;  View PEM encoded certificate ----------------------------  Use the command that has the extension of your certificate replacing cert.xxx with the name of your certificate  openssl x509 -in cert.pem -text -noout openssl x509 -in cert.cer -text -noout openssl x509 -in cert.crt -text -noout  If you get the folowing error it means that you are trying to view a DER encoded certifciate and need to use the commands in the “View DER encoded certificate  below”  unable to load certificate 12626:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:647:Expecting: TRUSTED CERTIFICATE View DER encoded Certificate   View DER encoded Certificate ----------------------------  openssl x509 -in certificate.der -inform der -text -noout  If you get the following error it means that you are trying to view a PEM encoded certificate with a command meant for DER encoded certs. Use a command in the “View PEM encoded certificate above  unable to load certificate 13978:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1306: 13978:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:380:Type=X509 
like image 149
user2129888 Avatar answered Sep 18 '22 12:09

user2129888


A .pem format certificate will most likely be ASCII-readable. It will have a line -----BEGIN CERTIFICATE-----, followed by base64-encoded data, followed by a line -----END CERTIFICATE-----. There may be other lines before or after.

like image 25
Anomie Avatar answered Sep 17 '22 12:09

Anomie