000023181 - How to convert between PEM and DER format certificate files.

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000023181
Applies ToRSA BSAFE SSL-C
IssueHow to convert between PEM and DER format certificate files.
CauseThe SSL-C toolkit and documentation in the main relates to PEM (Privacy Enhanced Mail - RFC1421-1424) format certificate files. The other BSAFE toolkits talk about DER ASN1 encoded files. When working with a mixture of the products, it is sometimes necessary to be able to switch between the two formats.

A PEM format file is actually one or more Base64 entries with separators and comments, for example:

        -----BEGIN RSA PRIVATE KEY-----
        Proc-Type: 4,ENCRYPTED
        DEK-Info: DES-EDE3-CBC,C3B9CAB78CE6B944

        gjOegPV9ZLKsYucU0YA4FicgoO1HpIJ7R+8vg6EoY0IkI8nCEmr8TSexcRhSJ2FJ
        6w+AMY6lzpXEWbL+kUM6SKiK8T9RFzW64wH5L5CGDf84by3929mwWOqbfGXeSczZ
        yUadLmtKfTRMCPsyNRWTAFzXpnI3hnbrdJziEZ6hDJBBHyoRYEoDrd9QrHCo238u
        zBBPpNcyU1WD6YJnWmWXZ4ooIm5aCBGao7QoDXuO3R4QFYstKVkfJiW9Tx9wzKqH
        9dgEcy1HYyAiVjp5i4sYQVClfWgPRSFB9ZuWhJFcKq3PwneXxc347a1WdGfu0v95
        2Vtj0jCatToceSFZmbxAqNi6nkmV15aRqPsuC5KMCCJyRIyHZCA8nj253vA1qp9S
        dhYxuNRXopNxLU7RkbmxvfF06YxgMTLJ2EB74ufcFXnMbr1RQIksnykdKgQIwxFR
        7HHlXRdCiYv0lw9VnMPVKfq41kO/G96h+WCYY99O9UvPJzu2GRt3O0LlnVT+E9rO
        k86cHJ3f35gddFtAkdDHZENiq6roUy1WC2ob0bFWD0pQBZ/SVDKhTocNPl0FOAyl
        eSfjyQSaJCinsIvmfZ5X1RRx/zyidQCFUj11089g8O5RozLnaDr+5XSPI2Co9uWn
        hRMW/GivKkJXIl86uUjivy2cxowhCaWS40bdersnbzao9J0oJkTYTrprpIuN1TlM
        i9c4rxt7xxbfQG+zAz5BNOe1JTnuZ8TbRa3QAgHGdPWp597T9XSdp7FDbY8dLnZY
        hhhSStCmi0e4t2CVujCVnlNBvNJqWOSNHndLDznv2wc=
        -----END RSA PRIVATE KEY-----
        -----BEGIN CERTIFICATE-----
        MIICUDCCAbkCEAdKttOqTX1XRAoZHFGa4c8wDQYJKoZIhvcNAQEEBQAwUDEZMBcG
        A1UEChMQY3N1ay5zZWN1cmlkLmNvbTEcMBoGA1UEChMTVGlsZWh1cnN0IENvbXB1
        dGluZzEVMBMGA1UECxMMV2ViIFNlcnZpY2VzMB4XDTAxMDEyNTAwMDAwMFoXDTAy
        MDEyNTIzNTk1OVowgYExCzAJBgNVBAYTAlVLMRIwEAYDVQQIEwlCZXJrc2hpcmUx
        EjAQBgNVBAcUCVRpbGVodXJzdDEcMBoGA1UEChQTVGlsZWh1cnN0IENvbXB1dGlu
        ZzEVMBMGA1UECxQMV2ViIFNlcnZpY2VzMRUwEwYDVQQDFAxTU0wtQyBTZXJ2ZXIw
        gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMY/iju2yC6M8dIWuC3cH0gfFXDX
        ViGbxK6012eyl/kAedCc8JzgQLLzRMYeled4sFP6EG0nQ76bBK8avoG5onRRG9ZS
        yGX5UtwNrOkJbVKHnzaZZqm83Ew9fGa258FHNYNI/4Y7mDDReAuNlcELZ3C3BIKG
        u776mZuH976WYHNDAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAr9g2/VNxww1fgQdp
        GIXPWEOCyYh1TYOxNI6/ErBjZWIFy9N+qRZtI1MLdnQZTtdECF4GaQQCrz415qbE
        VSrh9u9g4twiKuyd9DY9pbtMo5aw3wB7XgdSIjIaLyMjVf41S/m55lJGa65Wp/1K
        adUOvrigkWrMWLwmlCrBdMdIrrs=
        -----END CERTIFICATE-----
ResolutionThe detail between the 'BEGIN CERTIFICATE' and 'END CERTIFICATE' is the Base64-encoded certificate. If you have a PEM format file and need a DER (binary) version of it, you just need to Base64 decode the file. This can be done with a variety of Base64 utilities, however, a very quick method is to use the functionality built into the Microsoft Internet Explorer.

1. Make sure that a file contains only the entries for the one certificate (it can
   include the BEGIN and END lines).

2. Give the file a suffix of DER.

3. Double-click the file. The certificate displays in a standard
   Microsoft certificate display window.

4. Click the Details tab.

5. Click the 'Copy to File' button.

6. Click NEXT.

7. Select the default option of 'DER encoded binary X.509 (.CER).

8. Enter a name to save the file, and click NEXT.

9. Click FINISH.

If you have the DER format file, and you want to get hold of the PEM version for SSL-C, then a similar process can be used. Just select Base64 encoded X.509 (.CER) as the file type in step 7. The utility will also put the BEGIN and END comment lines into the file.
Legacy Article IDa786

Attachments

    Outcomes