20091111 reading ssl certificates with openssl - plembo/onemoretech GitHub Wiki

title: Reading SSL certificates with openssl
link: https://onemoretech.wordpress.com/2009/11/11/reading-ssl-certificates-with-openssl/
author: lembobro
description:
post_id: 216
created: 2009/11/11 18:08:20
created_gmt: 2009/11/11 18:08:20
comment_status: open
post_name: reading-ssl-certificates-with-openssl
status: publish
post_type: post

Reading SSL certificates with openssl

This will be a very basic post. Say you have three SSL certificates:

cert1.pem
cert2.der
cert3.cer

The first certificate is probably in PEM (Privacy Enhanced Mail) format. Basically all this means is that the certificate data has been Base64 encoded. The second is most likely in DER (Distinguished Encoding Rules) format, which is a subset of BER (Basic Encoding Rules) encoding. The third is probably also in PEM format, but could be in DER. The only way to know for sure is to try reading it. While some software can read either type, other software can be very finicky and require the cert to be encoded in one format or the other.

Here is how you read each type with [openssl](http://www.openssl.org).

To read a common PEM certificate (usually has a .pem or .cer extension):

openssl x509 -in cert1.pem -noout -text

(You could also use openssl x509 -inform PEM -in cert1.pem -noout -text.)

To read a DER certificate (usually has a .der extension):

openssl x509 -inform DER -in cert2.der -noout -text

Note that openssl requires you to specify "-inform DER" to successfully read a DER cert. Sometimes people are sloppy about the extension they use, or come up with some kind of custom string. Because of this you may have to "test" the cert by changing the input format parameter ("-inform").

PKCS #12 is a common format used in Windows environments. This is a binary format that can include both a certificate and key bundled together. Because the bundle can include the private key, the PEM file this writes can contain that key as well as the certificate. To export a PKCS #12 certificate to x509 text:

openssl pkcs12 -in cert.pfx -out cert.pem
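Since the extension does not settle whether a file is PEM or DER, the bytes can be checked before picking a value for -inform. The following is an added example, not part of the original post: the function names are hypothetical, and the sample input is constructed filler with the outer shape of a certificate, not a real one.

```python
import base64
import re
import shlex

PEM_CERT = re.compile(
    rb"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)

def is_der_sequence(data: bytes) -> bool:
    """True if data is exactly one SEQUENCE (tag 0x30) whose length field fits."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    first = data[1]
    if first < 0x80:                       # short form: one length byte
        header, length = 2, first
    else:                                  # long form: low 7 bits count length bytes
        n = first & 0x7F
        if n == 0 or n > 4 or len(data) < 2 + n:
            return False                   # n == 0 is BER indefinite length, not DER
        header, length = 2 + n, int.from_bytes(data[2:2 + n], "big")
    return header + length == len(data)

def sniff_cert_encoding(data: bytes) -> str:
    """Return 'PEM', 'DER' or 'unknown' from the bytes, ignoring the file name."""
    m = PEM_CERT.search(data)              # tolerates text before the BEGIN line
    if m:
        try:
            body = base64.b64decode(b"".join(m.group(1).split()), validate=True)
        except ValueError:                 # damaged Base64 inside the armor
            return "unknown"
        return "PEM" if is_der_sequence(body) else "unknown"
    return "DER" if is_der_sequence(data) else "unknown"

def openssl_command(path: str, data: bytes) -> str:
    """Build the post's read command with the -inform value the bytes call for."""
    fmt = sniff_cert_encoding(data)
    if fmt == "unknown":
        raise ValueError(f"{path}: neither a PEM nor a DER certificate")
    return f"openssl x509 -inform {fmt} -in {shlex.quote(path)} -noout -text"

# Constructed sample: a 300-byte SEQUENCE of zero filler, NOT a real certificate.
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x28]) + bytes(296)
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    # cert3.cer from the post could hold either encoding; the name does not decide.
    print(openssl_command("cert3.cer", SAMPLE_PEM))
    print(openssl_command("cert3.cer", SAMPLE_DER))
```

This checks only the outer encoding; it does not parse or validate the certificate, which is still openssl's job.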

Copyright 2004-2019 Phil Lembo