发表新帖
发表新帖

Export P7b file with all the certificate chain into CER file

后端 未结
关注
5 434
清歌不尽
清歌不尽 2021-01-31 08:51

I have p7b file provided by Thwate.When I am trying to export the certificate in the cer file using the below command, the certificate chain is not included.
Please suggest

相关标签:
5条回答
  • 执笔经年
    2021-01-31 08:55

    I had similar problem extracting certificates from a file. This might not be the most best way to do it but it worked for me.

    openssl pkcs7 -inform DER -print_certs -in <path of the file> | awk 'split_after==1{n++;split_after=0} /-----END CERTIFICATE-----/ {split_after=1} {print > "cert" n ".pem"}'
    0 讨论(0)
  • 梦毁少年i
    2021-01-31 09:03

    -print_certs is the option you want to use to list all of the certificates in the p7b file, you may need to specify the format of the p7b file you are reading.

    You can then redirect the output to a new file to build the concatenated list of certificates.

    Open the file in a text editor, you will either see Base64 (PEM) or binary data (DER).

    openssl pkcs7 -inform DER -outform PEM -in certificate.p7b -print_certs > certificate_bundle.cer

    http://www.openssl.org/docs/apps/pkcs7.html

    0 讨论(0)
  • 闹比i
    2021-01-31 09:13

    If you add -chain to your command line, it will export any chained certificates.

    http://www.openssl.org/docs/apps/pkcs12.html

    0 讨论(0)
  • 离开以前
    2021-01-31 09:14

    The selected answer didn't work for me, but it's close. I found a tutorial that worked for me and the certificate I obtained from StartCom.

    1. Open the .p7b in a text editor.

    2. Change the leader and trailer so the file looks similar to this:

      -----BEGIN PKCS7-----
[... certificate content here ...]
-----END PKCS7-----

    For example, my StartCom certificate began with: 

        -----BEGIN CERTIFICATE-----

    and ended with: 

        -----END CERTIFICATE-----
    1. Save and close the .p7b.

    2. Run the following OpenSSL command (works on Ubuntu 14.04.4, as of this writing):

      openssl pkcs7 -print_certs –in pkcs7.p7b -out pem.cer

    The output is a .cer with the certificate chain.

    Reference: http://www.freetutorialssubmit.com/extract-certificates-from-P7B/2206

    0 讨论(0)
  • 一向
    2021-01-31 09:17

    The only problem is that any additional certificates in resulted file will not be recognized, as tools don't expect more than one certificate per PEM/DER encoded file. Even openssl itself. Try

    openssl x509 -outform DER -in certificate.cer | openssl x509 -inform DER -outform PEM

    and see for yourself.

    0 讨论(0)
 看不清?
提交回复
热议问题