[英]How to get public key in .cer or .crt formats
I have created self-signed SSL certificate using OpenSSL as follow:我使用 OpenSSL 创建了自签名 SSL 证书,如下所示:
openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365
This gave me certificate and private key in .pem
file.这给了我
.pem
文件中的证书和私钥。 I need to provide my public key to my clients in .cer
or .crt
format.我需要以
.cer
或.crt
格式向我的客户提供我的公钥。 Is there any way to get public key in .cer
/ .crt
formats?有没有办法获得
.cer
/ .crt
格式的公钥?
What I have already tried:我已经尝试过的:
1. Generating public key in .pem
format and trying to convert it to .cer
or .crt
[ Didn't work ] 1. 生成
.pem
格式的公钥并尝试将其转换为.cer
或.crt
[无效]
To extract public key in .pem
file [worked fine]:在
.pem
文件中提取公钥[工作正常]:
`openssl x509 -pubkey -noout -in signer-cert.pem > signer-public-key-test.pem`
To convert it from .pem
for .cer
format openssl x509 -inform PEM -in signer-public-key-test.pem -outform DER -out signer-public-key-test.cer
I get this error:要将其从
.pem
转换为.cer
格式openssl x509 -inform PEM -in signer-public-key-test.pem -outform DER -out signer-public-key-test.cer
我收到此错误:
unable to load certificate
140067363030680:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:701:Expecting: TRUSTED CERTIFICATE
2. Converting my certificate to .cer (which I did fine) and trying to export public key using windows certificate export wizard as instructions given here 2. 将我的证书转换为 .cer(我做得很好)并尝试使用 Windows 证书导出向导导出公钥,如此处给出的说明
It didn't work either.它也没有用。 I couldn't enable the option to export keys and the final output, when opened in notepad++ was garbage.
当在记事本++中打开时,我无法启用导出密钥和最终输出的选项是垃圾。
So my question is, is there any way to generate the certificate from scratch and have the public key in .cer
or .crt
file.所以我的问题是,有没有办法从头开始生成证书并在
.cer
或.crt
文件中拥有公钥。 OR generating the certificate in .pem
format and later extracting public keys to .crt
or .cer
或以
.pem
格式生成证书,然后将公钥提取到.crt
或.cer
Any help is deeply appreciated.任何帮助都深表感谢。
Since .cer
and .crt
usually mean "DER or PEM-DER X.509 certificate" I don't know what you mean by having the public key in that format.由于
.cer
和.crt
通常表示“DER 或 PEM-DER X.509 证书”,因此我不知道您所说的具有该格式的公钥是什么意思。
If you mean you want a DER encoded SubjectPublicKeyInfo representing the public key, the second stage of your pipeline would be如果您的意思是您想要一个代表公钥的 DER 编码的 SubjectPublicKeyInfo,那么管道的第二阶段将是
openssl asn1parse -noout -out some.file
You can remove the intermediate with您可以使用删除中间体
openssl x509 -in signer-cert.pem -noout -pubkey |
openssl asn1parse -noout -out signer-public-key-test.der
(Newline added to remove scrollbar) (添加换行符以删除滚动条)
Or, skip the certificate middleman altogether:或者,完全跳过证书中间人:
openssl rsa -in key.pem -pubout -outform der -out signer-public-key-test.der
Seems pretty weird that you want that particular format, though.不过,您想要那种特定的格式似乎很奇怪。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.