0

I am trying to use OpenSSL x509 command in the following manner and getting an "unknown option using PEM" message. I am following the precise steps mentioned in the following documentation:

http://support.citrix.com/article/CTX106630#prodrelated

Here is the command I typed:

C:\OpenSSL-Win32\bin>openssl x509 -in myfile.cer -inform DER -out myfile.pem
-outform PEM
unknown option PEM
usage: x509 args
 -inform arg     - input format - default PEM (one of DER, NET or PEM)
 -outform arg    - output format - default PEM (one of DER, NET or PEM)
 -keyform arg    - private key format - default PEM
 -CAform arg     - CA format - default PEM
 -CAkeyform arg  - CA key format - default PEM
 -in arg         - input file - default stdin
 -out arg        - output file - default stdout
 -passin arg     - private key password source
 -serial         - print serial number value
 -subject_hash   - print subject hash value
 -subject_hash_old   - print old-style (MD5) subject hash value
 -issuer_hash    - print issuer hash value
 -issuer_hash_old    - print old-style (MD5) issuer hash value
 -hash           - synonym for -subject_hash
 -subject        - print subject DN
 -issuer         - print issuer DN
 -email          - print email address(es)
 -startdate      - notBefore field
 -enddate        - notAfter field
 -purpose        - print out certificate purposes
 -dates          - both Before and After dates
 -modulus        - print the RSA key modulus
 -pubkey         - output the public key
 -fingerprint    - print the certificate fingerprint
 -alias          - output certificate alias
 -noout          - no certificate output
 -ocspid         - print OCSP hash values for the subject name and public key
 -ocsp_uri       - print OCSP Responder URL(s)
 -trustout       - output a "trusted" certificate
 -clrtrust       - clear all trusted purposes
 -clrreject      - clear all rejected purposes
 -addtrust arg   - trust certificate for a given purpose
 -addreject arg  - reject certificate for a given purpose
 -setalias arg   - set certificate alias
 -days arg       - How long till expiry of a signed certificate - def 30 days
 -checkend arg   - check whether the cert expires in the next arg seconds
                   exit 1 if so, 0 if not
 -signkey arg    - self sign cert with arg
 -x509toreq      - output a certification request object
 -req            - input is a certificate request, sign and output.
 -CA arg         - set the CA certificate, must be PEM format.
 -CAkey arg      - set the CA key, must be PEM format
                   missing, it is assumed to be in the CA file.
 -CAcreateserial - create serial number file if it does not exist
 -CAserial arg   - serial file
 -set_serial     - serial number to use
 -text           - print the certificate in text form
 -C              - print out C code forms
 -md2/-md5/-sha1/-mdc2 - digest to use
 -extfile        - configuration file with X509V3 extensions to add
 -extensions     - section from config file with X509V3 extensions to add
 -clrext         - delete extensions before signing and input certificate

Please let me know what's wrong with the above command?

Nathan Hughes
  • 94,330
  • 19
  • 181
  • 276
Jack
  • 989
  • 3
  • 13
  • 24
  • I just pasted your command, and it worked for me. – Jamey Oct 23 '13 at 19:42
  • It's weird. I am still getting the same message and the file is not getting generated. Are you also using OpenSSL-Win32 ? – Jack Oct 23 '13 at 19:56
  • I'm on the 64 bit version. But the syntax should be the same. You had a newline in your command when I copied from stackoverflow.com. I removed that. Otherwise I did just what you did. I tested with this DER certificate http://www.apple.com/appleca/AppleIncRootCertificate.cer – Jamey Oct 23 '13 at 20:46
  • Thanks.I got it worked. I wasn't providing a space after myfile.pem and it wasn't easily visible since I had a new line after myfile.pem. Perhaps, I should not be using small size command prompt while executing commands. – Jack Oct 23 '13 at 20:53

0 Answers0