Openssl Encoding Errors While Converting Cer to Pem

OpenSSL encoding errors while converting cer to pem

I had this problem also. Just rename the CER to PEM was enough :)

converting .cer to .pem returns error 'unable to load certificate'

Your certificate is already in PEM format. Just rename it from certificate.cer to certificate.pem

Getting an error while converting .crt to .pem file

The ABC.crt content is invalid certificate file.

In fact, the file contains two certificates. I found a "," delimiter inside and file contains two certificates. The file is badly formed.

If you remove this delimiter (split) and put base64 strings before and after delimiter into separate files, you will get two normal X.509 certificates in base64 encoding.

If you wrap these Base64 strings, you get perfectly formatted PEM files, you even don't need to do with OpenSSL.

One:

-----BEGIN CERTIFICATE-----
MIIDYTCCAkmgAwIBAgIGAV0znSRkMA0GCSqGSIb3DQEBCwUAMFkxEzARBgoJkiaJ
k/IsZAEZFgNjb20xFjAUBgoJkiaJk/IsZAEZFgZvcmFjbGUxFTATBgoJkiaJk/Is
ZAEZFgVjbG91ZDETMBEGA1UEAxMKQ2xvdWQ5Q0EtMjAeFw0xNzA3MTEyMTQ1MjJa
Fw0yNzA3MTEyMTQ1MjJaMFYxEzARBgNVBAMTCnNzbERvbWFpbnMxDzANBgNVBAMT
BkNsb3VkOTEuMCwGA1UEAxMlaWRjcy05Y2I1NzYwM2QwYjc0Mjg0ODFiNDQ0NTgz
YWZlNzAxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANuTVdug3dS1
RjR5ydP90IAUWkGcx/iwQCsinGPA8k1dtHAs4coZpCM0z4XDEu/zbVPshVx7Og2e
uNdOFFelAPVMz/C4tm8LMk5ZROY4u8VUao7O4V2uMiJlROPEY9FbZpk5a7lh1Bsn
xPlH6qfm4LZtnsjmWo12OzQ72RQRElsxaqbyAGPX/A6IoFvNVhNvuReqHl7boksF
wXrdBzq9uJ9VF0YN+3JuMOgMersTcW0SLARepXXhaXe45MlhXYx1ZbPj/3sHb4mo
6iRDK9oTha2dInGQ+9fHKrQ/HgDFjRojqwYjHtBrKcHz2DCHdf9Em4oJEBI7lCQ4
gKHIp40RuW0CAwEAAaMyMDAwHQYDVR0OBBYEFFwscxks8Q/z+4FUAi2yryyXi6/v
MA8GA1UdDwEB/wQFAwMH2AAwDQYJKoZIhvcNAQELBQADggEBACOAvdb3CV9I1Q14
TnloVWFEZBgbeWy9DlvWQT148zuaXuZu9+zoxyR5+8AfjXSoXXqTeFWD98ZfB9sM
6HnKP2j/8Ja8E/rH0u4biB3pysnqbGQn7so+JA+sB7aujILa+SBXt84iKf252oSK
6cOHnhCNduKof4LFCcfLMxT5WwY5WJd0N+6J64yhEphsRhFZTdu6wHjOzLhncaN5
jEppCdC5+52qmKX65hCjXDu6rdrCtoHjpZVfB8KWtqdda8R9obhfvxTo2aho1ye4
HcPYOmZOMIuGAK3Wv7eupuhDOset4huJUAvCO99TSyQFZhW8XbwrKynPUxRD9GXh
b4QvzK0=
-----END CERTIFICATE-----

and two:

-----BEGIN CERTIFICATE-----
MIIDazCCAlOgAwIBAgIINViiv6s6qqgwDQYJKoZIhvcNAQELBQAwWTETMBEGCgmS
JomT8ixkARkWA2NvbTEWMBQGCgmSJomT8ixkARkWBm9yYWNsZTEVMBMGCgmSJomT
8ixkARkWBWNsb3VkMRMwEQYDVQQDEwpDbG91ZDlDQS0yMCAXDTE2MDUwMzA4MDIx
N1oYDzIxMTYwNDA5MDgwMjE3WjBZMRMwEQYKCZImiZPyLGQBGRYDY29tMRYwFAYK
CZImiZPyLGQBGRYGb3JhY2xlMRUwEwYKCZImiZPyLGQBGRYFY2xvdWQxEzARBgNV
BAMTCkNsb3VkOUNBLTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDW
kN6qRNHvItlZ+yQ2RjJ8kGQGRHjP6F+BNYrsKM0okDmuNDZyGoNvbhJD0mEZUDiK
okaJJ0+pTSl6EHUzqYQPD8r0OcP+fk2TqR2v2PvPmt6KKXicFPUIoDUnznmdKdgC
P+TJE8QjKZgJenR1Y6Q6JW6I1G3bo+auSaL5sITLV8JnN/kd1XWejFEMpovMp8Wd
Bid2wi9abDoygndI9YPfM64/vG1qF1vb8TgyIRRqRRF6DvFa3O6TIjhp9UU8zVfa
uYmn9BkRt2pylJ2wntfg9FYsl6ZSydltMHQcuHETnxLoJbUwRYv4ah1ca2o0EYZW
lGy2EtyX7Qi/ECAKMWSlAgMBAAGjNTAzMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYD
VR0OBBYEFMsXQZBqmxc1LqYNCYwt9OCIMZGRMA0GCSqGSIb3DQEBCwUAA4IBAQC3
IFrmt4eQ2Ggx6cp4I9F57BuKBRjH4cbebFM+gL6mvaUsOhtzzZHuR05a5BQYW1CF
U7CG2cGEjeSeBqWLcKbq5iXC44gdMcFWH7R5GApNJO3CNI8QZJdbzLWDF0UzPKXx
cHwF8niduJuyFwfe/pcW4aWzFdOLKAlIv1iXeungmdhZLg37yh3Zt7WnTAtQFgM0
cvxkZlRcreQVisvLtZvTd+wVAUNo57ws/y1cPIBiWwxrvcFDv3+U0I+y2eVqbtmV
2nWKeQ1aisBLdQydsuatQM8+C4nFC+BJvfdkYY+6+JNeTc6GCnTpQo3/nkDHH08P
GR5Rs+NAdvlshL1GgHbU
-----END CERTIFICATE-----

problem converting pkcs12 file into a pem

Your cert looks like a PEM certificate which you are converting to PEM again.

Just edit the certificate by keeping only the contents between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- and then try. It should work.

Example:

-----BEGIN CERTIFICATE-----
MIIGJjCCBA6gAwIBAgIJAMDVkmXEzJzZMA0GCSqGSIb3DQEBCwUAMIGiMRUwEwYD
YTESMBAGA1UEBxMJQ3liZXJqYXlhMSkwJwYDVQQKEyBJbmxhbmQgUmV2ZW51ZSBC
b2FyZCBPZiBNYWxheXNpYTEqMCgGA1UECxMhSW50ZXJuYXNpb25hbCBUYXhhdGlv
biBEZXBhcnRtZW50MB4XDTE4MDEwODEwMDk0M1oXDTQ2MDEyMTEwMDk0M1owgaIx
FTATBgNVBAMTDGhhc2lsLmdvdi5teTELMAkGA1UEBhMCTVkxETAPBgNVBAgTCE1h
bGF5c2lhMRIwEAYDVQQHEwlDeWJlcmpheWExKTAnBgNVBAoTIElubGFuZCBSZXZl
AQDR1Ws2Wmao88RyDs6Mlc3IfEDTanGB6+93ppe94CcA/9nwgiOXMEuMaiu7oF2m
/FMsu2vVoPpXnuqvtANoJsc7jcAXottvEF8sthibTOR98N++QHo9wbUl2uhfJzxK
uEH3Pa0ekSAZN1I0EUdfOmn8lY0fui4QXr9s9TsavvHafx8/NrFaIiSNnKi3xKEg
choMAap/zNeDUXf3Pio99rAaCBjHVI1ZEC7m4ve6G6J8715Zs5jf9AWieWhpg9Nk
Si8Yqt/znKE4xdxNhIDkWIJHrsHoVpje5h01KatN5HIdW+dfxCcAHkD3ZiT5rV1u
LEN9aNckWTzv8sbjCfKzOXogtQOizNhqwun0CHsujUhNOrI2cYlyda/0Ad8nHbm2
UiLCQvNQv5l81pjaB6oBdmwHIHZsLYCRxveWEjX2aSIl9Xt/al8fR2MM2nPmNIlF
PjRfAGmL3kmABxqRmfj505AgQn9wagtL6O8zg32eoVwaZyJfis1K4lcuOpwOKFpz
hm/2tkV22NuwropW8VHsxYTAqIbLkCMy+fH3R1cWOv8fDXqXtCGG3t1d5bUtmg6I
CRlSYWGaJvP43dQc2QVReyq+lOs9y+EyK11rF1cRM6LEqOQ+fB0V5M8ftOcx0nQ1
J1iLGT10D3vyHVZh2Ab8iCkRq0kA2hihYI5Dc+ghuZGDWwIDAQABo10wWzAJBgNV
HRMEAjAAMA4GA1UdDwEB/wQEAwIFoDAdBgNVHQ4EFgQUARc5dd5V+30sPQpNZ1aG
ystXahAwHwYDVR0jBBgwFoAUARc5dd5V+30sPQpNZ1aGystXahAwDQYJKoZIhvcN
AQELBQADggIBAGXow+tQOfsDj9M0aNmxZ2ivJrqZQXGEOYd2wi1t+um9uswug61J
QIreVUn4xPMRoXVRtVbtc2xlHCbpmVhh5noVW4Y/Ym/2gMYpti3Ruta2N1PfPs8k
G1yq4Bv5zIHAbU0j/EWYuYF9Oit4BEPfhLC33eFxtr49VBYPTacbrlOvXkd+Stxi
FDnOdrOYL6qs1mB9boxfyB1sLijs2j4Ht5wz38j/1lQqDUJ4mfdZ2d9CGqc798l8
s13mECG4h9oj+MHgakpTci1nLnWRq/j01Cw/hq94jWCPwhEyMonnsWuG+EKNPTQ7
+OkJDDuen3jDGD4mlsN/vW5ILvqMfKhBNv+GdLI6hJGps7Eb7cAZ5ihfnoWdf+38
64tZWK07q9TJzo5asQ+2OdtcuuPVuPdBEC8eDtI0JpgKwX0PUxjsciXYwYFGAb3z
xooszCvWH+MJ0zv3jWYbr1DtgWnTSumb8GlhPuF3t+vfOZ1enlYnrHiRaDCXRLOo
t9yO0hsa9Sotz3Rbfc2MQuT9PRSW+2w8cTOtJZkh7QvX9q8TlwSENKRp
-----END CERTIFICATE-----

Openssl errors in PowerShell when converting certificates

Was able to figure it out. In my code for converting the CER file to PEM, When recursing through my folders I added the line to include only the CER files and not the Key files in there as well. Below is the edited code.

if($CertType -eq "PEM") {
    Get-ChildItem $ScriptPath\$Kit -Recurse -include "*.cer" | ForEach-Object {
        $OutFile = $_.FullName.ToString().Replace(".cer",".pem")
        openssl x509 -in $_.FullName -outform PEM -out "$Outfile"}
}

error while converting pem encoded certificate to der using openssl

The example CER you've provided is not in a format OpenSSL will accept.

OpenSSL expects PEM formatted certificates to have a maximum line length of 64 characters so you'll need to add a line break after every 64th character. Additionally, you'll want to add -----BEGIN CERTIFICATE----- as the first line and -----END CERTIFICATE----- as the last line. At this point the OpenSSL CLI will allow you to parse and convert the file to DER.

Be sure those begin/end lines have five dashes to start/end them or else you'll still get errors.

---

Related Topics