OpenSSL如何以DER格式加载CA证书
[英]OpenSSL how to load CA cert with DER format
问题描述
I am new to OpenSSL, so forgive me if I ask anything stupid. 
我是OpenSSL的新手,所以如果我问任何愚蠢的事情,请原谅我。
I need to convert an existing server project which uses axTLS to OpenSSL. 我需要将使用axTLS的现有服务器项目转换为OpenSSL。 As the server requires client authentication, I need to load the server cert file, private key file and the CA cert file. 由于服务器需要客户端身份验证,因此我需要加载服务器证书文件,私钥文件和CA证书文件。 All 3 files are in DER format. 所有3个文件均为DER格式。
For server cert file and private key file, I can use SSL_CTX_use_certificate_file() and SSL_CTX_use_PrivateKey_file() to load a DER format file (ASN1 format). 对于服务器证书文件和私钥文件,我可以使用SSL_CTX_use_certificate_file()和SSL_CTX_use_PrivateKey_file()加载DER格式的文件(ASN1格式)。 However, I couldn't find any API that loads the CA cert in DER format. 但是,我找不到任何以DER格式加载CA证书的API。 SSL_CTX_load_verify_locations() and SSL_load_client_CA_file() seem only work for PEM format. SSL_load_client_CA_file() SSL_CTX_load_verify_locations()和SSL_load_client_CA_file()似乎仅适用于PEM格式。
Any other API/method I can use to work around this issue? 我可以使用其他任何API /方法来解决此问题吗?
Thank you. 谢谢。
2 个解决方案
解决方案1
1 已采纳 2013-08-21 10:13:55
I will answer my own question. 我会回答我自己的问题。 As what Yu Hao said, there seems to be no API available in OpenSSL to load a CA cert in DER(ANS1) format. 正如Yu Hao所说,OpenSSL中似乎没有可用的API来加载DER(ANS1)格式的CA证书。 I had to get the PEM format version of CA cert to use in the end. 我必须获得最终使用的CA证书的PEM格式版本。
解决方案2
0
First of all, DER files can have .crt , .cer , and .der endings. 首先,DER文件可以以.crt , .cer和.der结尾。
As for your question it may be one of many issues. 至于您的问题,可能是许多问题之一。 Does your existing server project already work, and to what extent? 您现有的服务器项目是否已经起作用,在什么程度上起作用?
Could you first try and convert the DER file to PEM and tell us how it went? 您能否先尝试将DER文件转换为PEM并告诉我们它如何进行?
openssl x509 -inform der -in certificate.cer -out certificate.pem
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.