I couldn't find in the questions a tool that adds digital signatures to a .pdf file via the Linux command.
I need a tool that adds a digital certificate to .pdf files.
I have the .pfx certificate
Check this out: https://github.com/jmarxuach/BatchPDFSign
BatchPDFSign is a jar command line to sign PDF file with a PKCS12 certificate.
To use it you need a PKCS12 certificate (it should be a .pfx file), the password for the .pfx, and a PDF file to sign.
I want to be able to send certificates in my API requests.
Please see - Add certificate on request with RestSharp
As shown in that post, I need to convert .crt and .key to .pfx. However, my current certificates are .pem, so I thought I would need to convert them into .crt and .key first, then use the openssl command from that post to convert them into .pfx, and then carry on with the rest of the solution.
My certificates are -
CRT file -
C:\Users\JohnSmith\Downloads\certsh\client-crt.pem
Key file -
C:\Users\JohnSmith\Downloads\certsh\client-key.pem
I was able to convert the Key file to a .key, but when trying to convert the CRT file I am getting this error.
unable to load certificate 13668:error:0906D06C:PEM routines:PEM_read_bio:no start line:.\crypto\pem\pem_lib.c:697:Expecting: TRUSTED CERTIFICATE error in x509
I am using this command to try and convert the .pem to .crt
x509 -outform der -in client-csr.pem -out client.crt
The extension .pem indicates that the format of the file is PEM (Privacy-Enhanced Mail) (RFC 7468). The content of the file may be a certificate, a private key, a public key, or something else. If you open a PEM file with a text editor, you will see -----BEGIN ?????----- at the top.
The extension .crt implies that the content of the file is a certificate. However, the extension does not tell anything about the file format. The format may be PEM, DER (Distinguished Encoding Rules) (X.690), or something else. If the file contains -----BEGIN CERTIFICATE-----, the format is PEM. On the other hand, if the file contains binary data, it is likely that the format is DER.
The extension .key implies that the content of the file is a private key. However, the extension does not tell anything about the file format. The format may be PEM, DER, or something else. If the file contains -----BEGIN PRIVATE KEY-----, the format is PEM. On the other hand, if the file contains binary data, it is likely that the format is DER.
The string csr, which is a part of the file name client-csr.pem, implies that the content of the file is CSR (Certificate Signing Request). Note that CSR is NOT a certificate. It seems you are trying to convert the file format of client-csr.pem from PEM to DER, but the CSR will never become a certificate by converting the file format. What you should give to the openssl command is not client-csr.pem but client-crt.pem, I think.
Understanding the relationship among ASN.1 (X.680), DER (X.690), BASE64 (RFC 4648) and PEM (RFC 7468) will improve the quality of your questions and help you avoid wasting time. I hope that the diagrams below, excerpted from "Illustrated X.509 Certificate", can help you.
One of our certificates is about to expire. Using keytool explorer, I selected the .jks file; it contains many certificates, and one of them is expiring. To renew that certificate, I exported it using the keystore explorer and got a .cer file. When I shared the .cer file with the client, he asked me to send the csr file.
You should be selecting the Generate CSR option for that key pair. This will generate the CSR that you need to send.
I downloaded the files from a ssl purchase and got from it the following files:
ServerCertificate.cer
CACertificate-ROOT-2.cer
CACertificate-INTERMEDIATE-1.cer
PKCS7.p7b
A client requires 2 crt.pem files. One of them needs to come from the ServerCertificate.cer and the other from a so-called PFC file that should have been provided, which is apparently a combination of the certificate and the key.
I have tried using:
openssl x509 -inform der -in certificate.cer -out certificate.pem to convert the first file; however, I get an "Unable to load certificate" error.
What am I doing wrong?
PS Please don't link me to https://www.sslshopper.com/ssl-converter.html, as this isn't working either.
If by PFC you actually mean PFX, then you can convert p7b to pfx (PKCS#7 to PKCS#12) using openssl.
ServerCertificate.cer is most likely PEM. Follow Steffen's comment:
Extensions do not matter. It is likely that your *.cer files are already in PEM format and you just have to rename these if you want a file name of *.pem but not convert. Look at the contents with some editor: if it is binary it is likely DER encoded, if it starts with something like -----BEGIN CERTIFICATE----- it is PEM encoded.
If it is not PEM, then it is binary and openssl can convert it to PEM.
Normally you need two files: the private key (ServerCertificate.key) and the certificate (ServerCertificate.cer). Sometimes you also need the root and intermediate certificates, depending on who issued your certificate (you don't say).
None of the files that you listed is the private key. This was created as the first step to create the CSR (certificate signing request) that you sent to the ssl vendor. PFX has the option to include the private key in its file format.
If you created the CSR on Windows (IIS) then you don't send anything to the customer, you complete the CSR on the computer that created the CSR. Then you can export the certificate package.
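The check that both the client-csr.pem answer and Steffen's comment describe, reading the file's contents instead of trusting its extension, as an added Python example that is not code from any post on this page. The function names and sample bytes are constructed for illustration, and it assumes RFC 7468 PEM without legacy "Proc-Type" key headers.

```python
import base64
import re

# RFC 7468 framing: the label between BEGIN/END names the payload type.
PEM_BLOCK = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)

KINDS = {  # PEM label -> what the block actually holds
    b"CERTIFICATE": "certificate",
    b"TRUSTED CERTIFICATE": "certificate",
    b"CERTIFICATE REQUEST": "csr",
    b"NEW CERTIFICATE REQUEST": "csr",
    b"PRIVATE KEY": "private key",
    b"ENCRYPTED PRIVATE KEY": "private key",
    b"RSA PRIVATE KEY": "private key",
    b"EC PRIVATE KEY": "private key",
    b"PUBLIC KEY": "public key",
    b"PKCS7": "pkcs7",
}

def inspect(data: bytes):
    """Classify raw file bytes as ("PEM" | "DER" | "unknown", [kinds])."""
    blocks = PEM_BLOCK.findall(data)
    if blocks:
        kinds = []
        for label, body in blocks:
            der = base64.b64decode(body)  # binascii.Error on a damaged body
            if not der.startswith(b"\x30"):  # all of these are ASN.1 SEQUENCEs
                raise ValueError("PEM body does not decode to DER")
            kinds.append(KINDS.get(label, "other"))
        return "PEM", kinds
    if data.startswith(b"\x30"):
        # Binary DER carries no label: its type must be known from context.
        return "DER", []
    return "unknown", []

def is_certificate_input(data: bytes) -> bool:
    """True only if a PEM file holds at least one certificate block."""
    encoding, kinds = inspect(data)
    return encoding == "PEM" and "certificate" in kinds

def _pem(label: bytes, der: bytes) -> bytes:
    """Wrap constructed DER bytes in PEM armor (sample data only)."""
    return (b"-----BEGIN " + label + b"-----\n" + base64.encodebytes(der)
            + b"-----END " + label + b"-----\n")

# Constructed samples: a 5-byte DER SEQUENCE stands in for real contents.
FAKE_DER = bytes.fromhex("3003020100")
CLIENT_CSR = _pem(b"CERTIFICATE REQUEST", FAKE_DER)
CLIENT_CRT = _pem(b"CERTIFICATE", FAKE_DER)
CHAIN = CLIENT_CRT + _pem(b"CERTIFICATE", FAKE_DER)
```

A file that reports "csr" here is the kind of input that produces the "no start line ... Expecting: TRUSTED CERTIFICATE" error quoted earlier when it is passed to the x509 command.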
I am configuring SSL using Mechanize; according to the documentation, I need to set
agent.cert = 'example.cer'
agent.key='example.cer'
But how can I get these two files? I also find that SSL files come in a lot of types, such as .cer, .pem, .crt and .key; what is the relationship between them?
Let's start with PEM files, which are your digital certificates written in a form encoded in only basic ASCII characters; they can be easily copied and pasted, e-mailed, or printed. More about them:
Working with PEM files
How to get an OpenSSL .pem file from .key and .crt files?
The file with the .crt extension is PEM or DER, which is just a binary-encoded certificate. This extension is recognized by Windows, while PEM or DER aren't.
The file with the .key extension is just your private key. It's stored in a separate file. The format is not standardized.
You will find more information about all these formats in the answer on serverfault: What is a PEM file and how does it differ from other OpenSSL generated key file formats?
Bit of a silly question, but:
What kind of file(s) do you get when you buy an SSL certificate from a trusted CA?
Is there a .pfx file?
I'm working on a small tool to manage SSL certificates, but I'm not sure exactly what kind of certificates I'll be dealing with besides the self-signed ones that I create myself.
Thanks!
The .pfx file extension is one. The text below from IBM has some in-depth information.
Certificate file types
Certificates and keys are stored in several types of files.
Files that store certificates and keys can have the following formats:
.pem
A privacy-enhanced mail file, which has a file extension of .pem, begins and ends with the following lines:
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
A privacy-enhanced mail format supports multiple digital certificates, including a certificate chain. If your organization uses certificate chaining, use this format to create CA certificates.
.arm
A file with an extension of .arm contains a base-64 encoded ASCII representation of a certificate, including its public key, but not its private key. An .arm format is generated and used by the IBM® Key Management utility. Specify this format to extract a self-signed certificate from the machine on which the self-signed certificate was generated to the machine that will use the self-signed certificate as the CA certificate.
.der
A file with an extension of .der contains binary data. This format can be used only for a single certificate, unlike a file with a privacy-enhanced mail format, which can contain multiple certificates. Specify this format to extract a self-signed certificate from the machine on which the self-signed certificate was generated to the machine that will use the self-signed certificate as the CA certificate.
.pfx (PKCS12)
A PKCS12 file, which has an extension of .pfx, contains a certificate (CA-issued certificate or self-signed certificate) and a corresponding private key. Use this format to transfer the contents of a keystore to a separate machine. For example, you can create and install a certificate and private key using key management utility, export the certificate and key to a PKCS12 file, then import the file into another keystore. This format is also useful for converting from one type of SSL implementation to a different implementation. For example, you can create and export a PKCS12 file using the IBM Key Management utility, then import the file on another machine using the OpenSSL CertTool utility.
The text above is a verbatim copy from IBM Eclipse Help.