DER and PEM Certificates with CA XCOM

Document ID : KB000117297
Last Modified Date : 10/10/2018
Show Technical Document Details
The underlying OpenSSL routines will process certificates encoded with DER and also DER wrapped into PEM.
The OpenSSL docs state that DER encoding is also accepted. The OpenSSl support utility can extract DER/PEM certificates from PKCS#12 files.
View PEM encoded certificate
Use the command that has the extension of your certificate replacing with the name of your certificate
openssl x509 -in cert.cer -text -noout
If you get the folowing error it means that you are trying to view a DER encoded certifciate and need to use the commands in the “View DER encoded certificate  below”
unable to load certificate
12626:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:647:Expecting: TRUSTED CERTIFICATE
View DER encoded Certificate
openssl x509 -in certificate.der -inform der -text -noout
If you get the following error it means that you are trying to view a PEM encoded certificate with a command meant for DER encoded certs. Use a command in the “View PEM encoded certificate above
unable to load certificate
13978:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1306:
13978:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:380:Type=X509
Transforms can take one type of encoded certificate to another. (ie. PEM To DER conversion)
openssl x509 -in cert.cer -outform der -out cert.der
openssl x509 -in cert.cer -inform der -outform pem -out cert.pem