1. Convert various Certificate Format
a.
From PEM (Apache) format to PFX
(IIS) – If we have intermediary and root CA
openssl pkcs12 -export
-out NEW-CERTIFICATE.pfx -inkey PRIVATE-KEY.key -in PRIVATE-KEY.crt -in INTERMEDIATE-CA.crt
-in ROOT-CA.crt
b.
From PEM (Apache) format to PFX
(IIS) – If we don’t have intermediary and root CA
openssl pkcs12 -export
-out NEW-CERTIFICATE.pfx -inkey PRIVATE-KEY.key -in NEW-CERTIFICATE.crt
c.
From PFX (IIS) to PEM (Apache)
openssl pkcs12 -in NEW-CERTIFICATE.pfx -cacerts -nodes -out NEW-CERTIFICATE.pem
2. Comparing two Public Key, to ensure public key is the same (Usefull when using Certificate Pinning). Run command below on linux env
openssl x509 -noout
-modulus -in OLD-CERTIFICATE.crt | openssl md5
openssl x509 -noout -modulus -in NEW-CERTIFICATE.crt
| openssl md5
No comments:
Post a Comment