Monthly Archives: May 2012

Getting certificates from Windows p7b certificate files

I was given a binary certificate chain and needed the ASCII versions of the CA certificates.  Unfortunately, I wasn’t able to get openssl to do this, and had to resort to using a Windows machine (on Win7 I got an ‘install certificate’ menu item when right-clicking on the p7b file in windows explorer).  Double click on the file and you’ll be able to navigate to the certificates in the window that opens (with crypto shell extensions).  You can then right-click > all tasks > export for the individual certificates, and export into a der file, which openssl can then convert to pem.

Here are the errors I got from various ssl commands that I tried:

user@ubuntu:~/certs$ openssl x509 -inform der -in Certificate.p7b -out Certificate.pem
unable to load certificate
31083:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1316:
31083:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:380:Type=X509_CINF
31083:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:748:Field=cert_info, Type=X509

user@ubuntu:~/certs$ openssl pkcs7 -print_certs -in Certificate.p7b -out Certificate.pem
unable to load PKCS7 object
31109:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:650:Expecting: PKCS7

user@ubuntu:~/certs$ openssl pkcs12 -in Certificate.p7b
31162:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1316:
31162:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error:tasn_dec.c:828:
31162:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:748:Field=version, Type=PKCS12

user@ubuntu:~/certs$ openssl nseq -in Certificate.p7b
Error reading sequence file Certificate.p7b
31475:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:650:Expecting: CERTIFICATE