百度智能云

All Product Document

          Reference

          Format Conversion

          If the certificate received by the user from the CA is not in PEM format, it needs to be converted into PEM format. Several common methods for converting certificate formats to PEM format are shown in the following table:

          Certificate format Conversion method
          DER-> PEM Certificate: openssl x509 -inform der -in my-certificate.cer -out my-certificate.pem
          private key: openssl rsa -inform DER -outform PEM -in my-private-key.der -out my-private-key.pem
          P7B-> PEM Certificate: openssl pkcs7 -print_certs -in my-certificate.p7b -out my-certificate.pem. From my-certificate.pem, get the content starting with "----- BEGIN CERTIFICATE -----" and ending with "----- END CERTIFICATE -----" as the certificate.
          Private key: No private key
          PFX-> PEM Certificate: openssl pkcs12 -in certname.pfx -nokeys -out my-certificate.pem
          private key: openssl pkcs12 -in certname.pfx -nocerts -out my-private-key.pem -nodes

          Note:

          • If your private key is encrypted, for example, the beginning and end of the private key are ----- BEGIN PRIVATE KEY -----, ----- END PRIVATE KEY ----- or ---- -BEGIN ENCRYPTED PRIVATE KEY -----, ----- END ENCRYPTED PRIVATE KEY -----, or the private key contains Proc-Type: 4, ENCRYPTED, you need to run the following command to convert:

            openssl rsa -in old_server_key.pem -out new_server_key.pem
          • The private key needs to match the public key in the server certificate. You can use the following two commands to generate the MD5 value of the private key and the certificate. If they are the same, you can consider that the private key matches the public key in the certificate.

             openssl x509 -noout -modulus -in my-certificate.pem | openssl md5
             openssl rsa -noout -modulus -in my-private-key.pem | openssl md5
          Previous
          Certificate and Private Key
          Next
          Upload Certificate