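How to check whether the certificate file I have is in .pem format

Time: 2011-03-07 04:16:24

Tags: security digital-certificate

I have a root cert file and I don't know whether it is in .pem format. How do I check that it is in .pem format?

6 answers:

Answer 0: (score: 52)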

DER vs. CRT vs. CER vs. PEM Certificates and How To Convert Them

Quoted from the support page:

View
====

Even though PEM encoded certificates are ASCII they are not human
readable.  Here are some commands that will let you output the
contents of a certificate in human readable form;

View PEM encoded certificate
----------------------------

Use the command that has the extension of your certificate replacing
cert.xxx with the name of your certificate

openssl x509 -in cert.pem -text -noout
openssl x509 -in cert.cer -text -noout
openssl x509 -in cert.crt -text -noout

If you get the following error it means that you are trying to view a DER encoded certificate and need to use the commands in the “View DER encoded certificate” below

unable to load certificate
12626:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:647:Expecting: TRUSTED CERTIFICATE


View DER encoded Certificate
----------------------------

openssl x509 -in certificate.der -inform der -text -noout

If you get the following error it means that you are trying to view a PEM encoded certificate with a command meant for DER encoded certs. Use a command in the “View PEM encoded certificate” above

unable to load certificate
13978:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1306:
13978:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:380:Type=X509

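Answer 1: (score: 36)

A .pem format certificate will most likely be ASCII-readable. It will have a line -----BEGIN CERTIFICATE-----, followed by base64-encoded data, followed by a line -----END CERTIFICATE-----. There may be other lines before or after.

Answer 2: (score: 12)

See CRL, CRT, CSR, NEW CSR, PRIVATE KEY, PUBLIC KEY Parser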

CRL

-----BEGIN X509 CRL-----
-----END X509 CRL-----

CRT

-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

CSR

-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----

NEW CSR

-----BEGIN NEW CERTIFICATE REQUEST-----
-----END NEW CERTIFICATE REQUEST-----

PEM

-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----

PKCS7

-----BEGIN PKCS7-----
-----END PKCS7-----

PRIVATE KEY

-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----

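Answer 3: (score: 6)

For OpenSSL to recognize it as PEM format, it must be encoded in Base64 with the following header:

-----BEGIN CERTIFICATE-----

and footer:

-----END CERTIFICATE-----

Also, each line must be at most 79 characters long. Otherwise you will receive the error: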

2675996:error:0906D064:PEM routines:PEM_read_bio:bad base64 decode:pem_lib.c:818:

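Note: the PEM standard (RFC1421) requires lines that are 64 characters long. A PEM certificate stored as a single line can be converted with the UNIX command-line utility:

fold -w 64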

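Answer 4: (score: 2)

Based on the way you formatted your question, I believe there is some confusion about what a .pem file is. The .pem part of the file is just the file extension; I believe what you really want to know is how to tell whether a file is PEM-encoded. PEM-encoded files can be presented in many file formats, such as .pem, .key, .cer, .cert, etc.

A simple way to check whether a certificate is PEM-encoded is to use OpenSSL:

openssl x509 -noout -in input_file.pem
echo $?
> 0

For example, for a certificate in DER format rather than PEM format, the above command will fail and output an error.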

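Answer 5: (score: 0)

How to check whether the certificate file I have is in .pem format

cat the file and look for the pre-encapsulation header and the post-encapsulation header. The pre-encapsulation header is -----BEGIN CERTIFICATE----- or -----BEGIN X509 CERTIFICATE-----; and the post-encapsulation header is -----END CERTIFICATE----- or -----END X509 CERTIFICATE-----.

Encapsulation headers are discussed in RFC 1421. There is no standard list or complete list of the objects in these headers (such as CERTIFICATE, X509 CERTIFICATE). Most people use OpenSSL's pem.h header to get the list of object types.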
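The checks described in the answers above (matching BEGIN/END lines, a base64 body, and the DER fallback) can be combined into one script. This is an added example, not code from any answer on this page; the function names and `SAMPLE_DER` are made up for illustration, and it only confirms that the content is a DER-encoded ASN.1 SEQUENCE, not that it is a valid X.509 certificate.

```python
import base64
import binascii
import re

# Encapsulation boundaries: the BEGIN and END labels must be identical.
PEM_BLOCK = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)


def is_der_sequence(data: bytes) -> bool:
    """True if data is exactly one DER SEQUENCE (tag 0x30) whose length fits."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    first = data[1]
    if first < 0x80:  # short form: the length is this single byte
        return len(data) == 2 + first
    n = first & 0x7F  # long form: the next n bytes hold the length
    if n == 0 or n > 4 or len(data) < 2 + n:
        return False
    return len(data) == 2 + n + int.from_bytes(data[2:2 + n], "big")


def classify(data: bytes):
    """Return ("PEM", labels), ("DER", []) or ("unknown", [])."""
    labels = []
    for m in PEM_BLOCK.finditer(data):
        # Line length is not enforced: a one-line body still counts as PEM here.
        body = b"".join(m.group(2).split())
        try:
            decoded = base64.b64decode(body, validate=True)
        except binascii.Error:
            continue  # boundaries are present but the body is not base64
        if is_der_sequence(decoded):
            labels.append(m.group(1).decode())
    if labels:
        return "PEM", labels
    return ("DER", []) if is_der_sequence(data) else ("unknown", [])


def pem_wrap(der: bytes, label: str = "CERTIFICATE") -> bytes:
    """Base64-encode der into 64-character lines between BEGIN/END lines."""
    b64 = base64.b64encode(der)
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    tag = label.encode()
    return (b"-----BEGIN " + tag + b"-----\n" + b"\n".join(lines)
            + b"\n-----END " + tag + b"-----\n")


# Constructed sample: a SEQUENCE header around 300 filler bytes, not a real cert.
SAMPLE_DER = b"\x30\x82\x01\x2c" + bytes(300)

if __name__ == "__main__":
    print(classify(SAMPLE_DER), classify(pem_wrap(SAMPLE_DER)))
```

To check a real file, pass its bytes: `classify(open(path, "rb").read())`.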