当前位置: 文江博客话题详情

将 .pfx 转换为 .cer

发布于 2024-07-12 03:21:34 字数 101 浏览 8 评论 0原文

是否可以将 .pfx(个人信息交换)文件转换为 .cer(安全证书)文件? 除非我弄错了,否则 .cer 不是以某种方式嵌入到 .pfx 中吗? 如果可能的话,我想要一些方法来提取它。

原文

Is it possible to convert a .pfx (Personal Information Exchange) file to a .cer (Security Certificate) file? Unless I'm mistaken, isn't a .cer somehow embedded inside a .pfx? I'd like some way to extract it, if possible.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(8

后eg是否自 2024-07-19 03:21:37
openssl rsa -in f.pem -inform PEM -out f.der -outform DER

openssl rsa -in f.pem -inform PEM -out f.der -outform DER
回复 原文
看春风乍起 2024-07-19 03:21:36

我想添加一个我认为最简单的方法。

  1. 只需右键单击 pfx 文件,按照向导单击“安装”,然后将其添加到商店(我添加到个人商店)。

  2. 在开始菜单中输入 certmgr.msc 并转到 CertManager 程序。

  3. 找到您的 pfx 证书(顶部的选项卡是各个商店),单击导出按钮并按照向导操作(有一个选项可以导出为 .CER)

本质上它与 Andrew 的答案执行相同的操作,但它避免使用 Windows 管理控制台(直接进入导入/导出)。

I wanted to add a method which I think was simplest of all.

  1. Simply right click the pfx file, click "Install" follow the wizard, and add it to a store (I added to the Personal store).

  2. In start menu type certmgr.msc and go to CertManager program.

  3. Find your pfx certificate (tabs at top are the various stores), click the export button and follow the wizard (there is an option to export as .CER)

Essentially it does the same thing as Andrew's answer, but it avoids using Windows Management Console (goes straight to the import/export).

回复 原文
等风也等你 2024-07-19 03:21:36

您可以使用它从 .pfx 中提取 ca-bundle、.crt 和 .key。

# Extracting ca-certs..."
  openssl pkcs12 -in ${filename}.pfx -nodes -nokeys -cacerts -out ${filename}-ca.crt

# Extracting key file..."
  openssl pkcs12 -in ${filename}.pfx -nocerts -out ${filename}.key

# Extracting crt..."
  openssl pkcs12 -in ${filename}.pfx -clcerts -nokeys -out ${filename}.crt

# combine ca-certs and cert files
  cat  ${filename}.crt ${filename}-ca.crt > ${filename}-full.crt

# Removing passphrase from keyfile"
  openssl rsa -in ${filename}.key -out ${filename}.key

You can extract ca-bundle, .crt and .key from .pfx using this.

# Extracting ca-certs..."
  openssl pkcs12 -in ${filename}.pfx -nodes -nokeys -cacerts -out ${filename}-ca.crt

# Extracting key file..."
  openssl pkcs12 -in ${filename}.pfx -nocerts -out ${filename}.key

# Extracting crt..."
  openssl pkcs12 -in ${filename}.pfx -clcerts -nokeys -out ${filename}.crt

# combine ca-certs and cert files
  cat  ${filename}.crt ${filename}-ca.crt > ${filename}-full.crt

# Removing passphrase from keyfile"
  openssl rsa -in ${filename}.key -out ${filename}.key
回复 原文
随梦而飞# 2024-07-19 03:21:36
  1. 从 OpenSSL\bin 文件夹启动 OpenSSL。
  2. 打开命令提示符并转到包含 .pfx 文件的文件夹。
  3. 运行以下命令提取私钥:
    openssl pkcs12 -in [yourfile.pfx] -nocerts -out [drlive.key]
    系统将提示您输入导入密码。 输入您在创建 .pfx 文件时用于保护密钥对的密码。 系统将再次提示您提供新密码以保护您正在创建的 .key 文件。 将密钥文件的密码存储在安全的地方以避免滥用。
  4. 运行以下命令来提取证书:
    openssl pkcs12 -in [yourfile.pfx] -clcerts -nokeys -out [drlive.crt]
  5. openssl rsa -in [drlive.key] -out [drlive-decrypted.key]

将.pfx文件转换为.pem格式

可能存在实例您可能需要将 .pfx 文件转换为 .pem 格式。 运行以下命令将其转换为PEM格式。

openssl rsa -in [keyfile-encrypted.key] -outform PEM -out [keyfile-encrypted-pem.key]

源:https://www.ibm.com/docs/en/arl/9.7?topic=certification-extracting-certificate-keys -来自pfx文件

  1. Start OpenSSL from the OpenSSL\bin folder.
  2. Open the command prompt and go to the folder that contains your .pfx file.
  3. Run the following command to extract the private key:
    openssl pkcs12 -in [yourfile.pfx] -nocerts -out [drlive.key]
    You will be prompted to type the import password. Type the password that you used to protect your keypair when you created the .pfx file. You will be prompted again to provide a new password to protect the .key file that you are creating. Store the password to your key file in a secure place to avoid misuse.
  4. Run the following command to extract the certificate:
    openssl pkcs12 -in [yourfile.pfx] -clcerts -nokeys -out [drlive.crt]
  5. openssl rsa -in [drlive.key] -out [drlive-decrypted.key]

Convert .pfx file to .pem format

There might be instances where you might have to convert the .pfx file into .pem format. Run the following command to convert it into PEM format.

openssl rsa -in [keyfile-encrypted.key] -outform PEM -out [keyfile-encrypted-pem.key]

source :https://www.ibm.com/docs/en/arl/9.7?topic=certification-extracting-certificate-keys-from-pfx-file

回复 原文
身边 2024-07-19 03:21:36

可能与OP的Q无关,但我尝试了所有带有不同标志的openssl语句,同时尝试与PHP \SoapClient(... ) 三天后我终于找到了一个适合我的解决方案。

GitBash

$ cd path/to/certificate/
$ openssl pkcs12 -in personal_certificate.pfx -out public_key.pem -clcerts

首先,您必须输入 YOUR_CERT_PASSWORD 一次,然后输入 DIFFERENT_PASSWORD! 两次。 后者可能可供所有有权访问代码的人使用。

PHP

$wsdlUrl   = "https://example.com/service.svc?singlewsdl";
$publicKey = "rel/path/to/certificate/public_key.pem";
$password  = "DIFFERENT_PASSWORD!";

$params = [
    'local_cert' => $publicKey,
    'passphrase' => $password,
    'trace' => 1,
    'exceptions' => 0
];

$soapClient = new \SoapClient($wsdlUrl, $params);

var_dump($soapClient->__getFunctions());

Might be irrelevant to OP's Q, but I've tried all openssl statements with all the different flags, while trying to connect with PHP \SoapClient(...) and after 3 days I finally found a solution that worked for me.

GitBash

$ cd path/to/certificate/
$ openssl pkcs12 -in personal_certificate.pfx -out public_key.pem -clcerts

First you have to enter YOUR_CERT_PASSWORD once, then DIFFERENT_PASSWORD! twice. The latter will possibly be available to everyone with access to code.

PHP

$wsdlUrl   = "https://example.com/service.svc?singlewsdl";
$publicKey = "rel/path/to/certificate/public_key.pem";
$password  = "DIFFERENT_PASSWORD!";

$params = [
    'local_cert' => $publicKey,
    'passphrase' => $password,
    'trace' => 1,
    'exceptions' => 0
];

$soapClient = new \SoapClient($wsdlUrl, $params);

var_dump($soapClient->__getFunctions());
回复 原文
我一向站在原地 2024-07-19 03:21:35

我认为最简单的方法是使用 Windows 管理控制台中的证书管理器导入然后导出它。

the simple way I believe is to import it then export it, using the certificate manager in Windows Management Console.

回复 原文
(り薆情海 2024-07-19 03:21:35

如果您使用 PowerShell,则可以使用类似以下内容(给定 pfx 文件 InputBundle.pfx)来生成 DER 编码(二进制)证书文件 OutputCert.der

Get-PfxCertificate -FilePath InputBundle.pfx | 
Export-Certificate -FilePath OutputCert.der -Type CERT

为了清晰起见添加了换行符,但您当然可以将所有这些都放在一行中。

如果您需要 ASCII/Base64 编码的 PEM 格式的证书,您可以采取额外的步骤来执行此操作,如其他地方所述,例如这里: https://superuser.com/questions/351548 /windows-integrated-utility-to-convert-der-to-pem

如果您需要导出为 DER 编码以外的格式,您可以更改 Export- 的 -Type 参数使用 .NET 支持的类型的证书,如 help Export-Certificate -Detailed 中所示:

-Type <CertType>
    Specifies the type of output file for the certificate export as follows. 
     -- SST: A Microsoft serialized certificate store (.sst) file format which can contain one or more certificates. This is the default value for multiple certificates. 
     -- CERT: A .cer file format which contains a single DER-encoded certificate. This is the default value for one certificate. 
     -- P7B: A PKCS#7 file format which can contain one or more certificates.

If you're working in PowerShell you can use something like the following, given a pfx file InputBundle.pfx, to produce a DER encoded (binary) certificate file OutputCert.der:

Get-PfxCertificate -FilePath InputBundle.pfx | 
Export-Certificate -FilePath OutputCert.der -Type CERT

Newline added for clarity, but you can of course have this all on a single line.

If you need the certificate in ASCII/Base64 encoded PEM format, you can take extra steps to do so as documented elsewhere, such as here: https://superuser.com/questions/351548/windows-integrated-utility-to-convert-der-to-pem

If you need to export to a different format than DER encoded, you can change the -Type parameter for Export-Certificate to use the types supported by .NET, as seen in help Export-Certificate -Detailed:

-Type <CertType>
    Specifies the type of output file for the certificate export as follows. 
     -- SST: A Microsoft serialized certificate store (.sst) file format which can contain one or more certificates. This is the default value for multiple certificates. 
     -- CERT: A .cer file format which contains a single DER-encoded certificate. This is the default value for one certificate. 
     -- P7B: A PKCS#7 file format which can contain one or more certificates.
回复 原文
伴随着你 2024-07-19 03:21:34

PFX 文件是 PKCS#12 个人信息交换语法标准捆绑包。 它们可以包含任意数量的私钥以及随附的 X.509 证书和证书颁发机构链(设置证书)。

如果您想提取客户端证书,可以使用OpenSSL的PKCS12工具

openssl pkcs12 -in input.pfx -out mycerts.crt -nokeys -clcerts

上面的命令将以 PEM 格式输出证书。 “.crt”文件扩展名由 macOS 和 Window 处理。

您在问题中提到了“.cer”扩展名,该扩展名通常用于 DER 编码文件。 二进制编码。 首先尝试“.crt”文件,如果不被接受,可以轻松从 PEM 转换为 DER:

openssl x509 -inform pem -in mycerts.crt -outform der -out mycerts.cer

PFX files are PKCS#12 Personal Information Exchange Syntax Standard bundles. They can include arbitrary number of private keys with accompanying X.509 certificates and a certificate authority chain (set certificates).

If you want to extract client certificates, you can use OpenSSL's PKCS12 tool.

openssl pkcs12 -in input.pfx -out mycerts.crt -nokeys -clcerts

The command above will output certificate(s) in PEM format. The ".crt" file extension is handled by both macOS and Window.

You mention ".cer" extension in the question which is conventionally used for the DER encoded files. A binary encoding. Try the ".crt" file first and if it's not accepted, easy to convert from PEM to DER:

openssl x509 -inform pem -in mycerts.crt -outform der -out mycerts.cer
回复 原文
~没有更多了~

关于作者

挽清梦

暂无简介

0 文章
0 评论
23 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

苦中寻乐

文章 0 评论 0

lueluelue

文章 0 评论 0

嗼ふ静

文章 0 评论 0

王权女流氓

文章 0 评论 0

与花如笺

文章 0 评论 0

残酷

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文