Skip to main content

Converting Certificates

· 2 min read

Here's the command this article is talking about:

openssl x509 -in proxy.cer -inform der -outform pem -out proxy.crt

This command basically converts a binary certificate into a base64-encoded one (i.e. text).

The openssl command is the Swiss Army knife of encryption tools. It can encrypt/decrypt files as well as manage certificates that are used for secure connections on the Internet.

This command that I've posted does one thing - it converts a certificate from its binary form into a text form (base64-encoding).

Prior to posting this, I've done my research and have encountered this command before. The problem is the pages that I've read does not state it as simply.

Pages that I've read simply say that the above command changes the DER format of the certificate into the PEM format without going into details what the PEM format is. After some trial-and-error, I realised that in very layman terms, the PEM format is a text representation of the certificate.

Other commands that might be useful

openssl x509 -in file.cer -inform der -text -noout

Presents the information (-text) in the certificate (x509) that is the file (-in file.cer) which is in a binary format (-inform der). Omit the certificate from the output (-noout) - this option is not required.

openssl dgst -md5 file

Creates a MD5 (-md5) checksum (dgst) of a file (file)

openssl enc -aes-256-cbc -a -nosalt -in infile.jpg -out outfile.jpg.enc

This command encrypts (enc) a file (-in infile.jpg) using the AES 256-bit cipher block chaining cipher (-aes-256-cbc) with no salt (-nosalt) into a base-64 format (-a) and saves the output as a file (-out outfile.jpg.enc).

(Omit the -a switch to keep it in binary format which is almost always smaller than the equivalent binary format.)

openssl enc -d -aes-256-cbc -a -in outfile.jpg.enc -out newfile.jpg

This is the reverse operation: decrypts (enc -d) a file (-in outfile.jpg.enc) using the same cipher (-aes-256-cbc) from a base-64 format (-a) and saves the output into a file (-out newfile.jpg).

For a list of ciphers:

openssl list-cipher-commands