Openssl | How to convert a certificate into the appropriate format
- Convert .pfx to openssl
openssl pkcs12 -in somefile.pfx -nocerts -nodes | sed -ne '/-BEGIN PRIVATE KEY-/,/-END PRIVATE KEY-/p' > some.key
openssl pkcs12 -in somefile.pfx -clcerts -nokeys | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > someclientcert.cer
openssl pkcs12 -in somefile.pfx -cacerts -nokeys -chain | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > somecacerts.cer
Convert x509 to PEM
Convert PEM to DER
Convert DER to PEM
Convert PEM to P7B
Note: The PKCS#7 or P7B format is stored in Base64 ASCII format and has a file extension of .p7b or .p7c. A P7B file only contains certificates and chain certificates (Intermediate CAs), not the private key. The most common platforms that support P7B files are Microsoft Windows and Java Tomcat.
openssl crl2pkcs7 -nocrl -certfile certificatename.pem -out certificatename.p7b -certfile CACert.cer
Convert PKCS7 to PEM
Convert pfx to PEM
Note: The PKCS#12 or PFX format is a binary format for storing the server certificate, intermediate certificates, and the private key in one encryptable file. PFX files usually have extensions such as .pfx and .p12. PFX files are typically used on Windows machines to import and export certificates and private keys.
Convert PFX to PKCS#8 Note: This requires 2 commands
STEP 1: Convert PFX to PEM
STEP 2: Convert PEM to PKCS8
Convert P7B to PFX Note: This requires 2 commands
STEP 1: Convert P7B to CER
STEP 2: Convert CER and Private Key to PFX
openssl pkcs12 -export -in certificatename.cer -inkey privateKey.key -out certificatename.pfx -certfile cacert.cer
- How to get/generate pin sha256 from certificate
if your certificate type is .crt:
openssl x509 -in yourCertificatePath.crt -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64
if your certificate type is .cer: