Is it possible to generate a csr file from cer file using openssl or keytool? I can see commands to convert the other way. Or, is it possible to generate a public pem file from the cer file?
Asked
Active
Viewed 8,004 times
1 Answers
2
You can create a CSR from a certificate using OpenSSL as follows:
openssl x509 -x509toreq -signkey ./server.key -in ./server.pem -out server.csr
will create a certificate request from the certificate and private key. Note that you must have the private key available for this to work as the csr is signed by the private key in order to provide proof of possession.
You can generate a .pem from a .cer in one of two ways:
If the file is in DER format (a binary format) you can use:
openssl x509 -inform DER in server.cer -out server.pem.If the file is in PEM format (a base64 text format) you can simply rename it from
.certo.pem. Remember theceris only a file extension and doesn't really define the content of the file.
garethTheRed
- 4,539
- 14
- 22
-
what is server.key here ? – earl Apr 01 '20 at 03:36
-
It's exactly what it says under `-signkey` in the [man page for openssl x509](https://www.openssl.org/docs/man1.0.2/man1/x509.html) - it's the private key of the certificate. You must have a private key in order to sign the CSR. – garethTheRed Apr 01 '20 at 05:56
-
Tried openssl x509 -inform DER -in server.cer -out server.pem. Gave error as:- unable to load certificate 15040:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:.\crypto\asn1\tasn_dec.c:1315: 15040:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:.\crypto\asn1\tasn_dec.c:379:Type=X509 – earl Apr 01 '20 at 06:05
-
Then your file is already in PEM format and doesn't need converting. That's option 2 in my answer. Look at the contents of the file - if it's a mess, it's DER; but if it's a tidy block of base64 characters with `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----` delimiters then it's a PEM file. – garethTheRed Apr 01 '20 at 06:15