C#: Exporting a certificate and the corresponding private key to a pem file

Tom Hofmann

Jun 1, 2006, 5:06:42 AM
Hello,

I have a program that uses CEnroll and CertRequest to create a certificate
request, send it to the CA, and accept the issued certificate.

The problem I have now is that I want to use the certificate and the
keys on a Linux system, for example to use https on an Apache webserver or
tools like STunnel.
Those applications expect the key and certificate to be simply pem
encoded, like when I create them by using the openssl tools.

In C# the only way to export seems to be using the pfx format via
certEnroll.createFilePFX!
Does anybody know how I can "convert" from pfx to pem?

Any help is gladly appreciated!

Tom

Martin Rublik

Jun 1, 2006, 6:02:14 AM
I suppose OpenSSL can convert from pfx to pem.

openssl pkcs12 -in mycert.pfx -out mycert.pem

Regards Martin
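
Added example, not part of the original thread: run as written, the command above puts the certificate and the private key into a single file. The shell function below (its name, the PFX_PASS environment variable and the output file names are assumptions of this example) splits a PFX into certificate.pem and an owner-only key.pem in one step and checks that the two belong together.

```shell
#!/bin/sh
# Added example, not code from the thread.
# Assumptions: openssl is on PATH; the PFX password is supplied in the
# PFX_PASS environment variable so it never appears on a command line.

pfx_to_pem() {
    pfx=$1
    outdir=${2:-.}

    [ -r "$pfx" ] || { echo "cannot read PFX: $pfx" >&2; return 1; }
    [ -n "${PFX_PASS+set}" ] || { echo "PFX_PASS is not set" >&2; return 1; }

    # Private key. -nodes leaves it unencrypted so a server can start
    # unattended (newer OpenSSL releases also accept -noenc), which is why
    # the file is created under umask 077, i.e. readable by its owner only.
    # Piping through "openssl pkey" drops the "Bag Attributes" text.
    (
        umask 077
        openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nocerts -nodes 2>/dev/null |
            openssl pkey -out "$outdir/key.pem" 2>/dev/null
    ) || {
        rm -f "$outdir/key.pem"
        echo "private key export failed (wrong password?)" >&2
        return 1
    }

    # End-entity certificate only (-clcerts), without the key (-nokeys).
    openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -clcerts -nokeys 2>/dev/null |
        openssl x509 -out "$outdir/certificate.pem" 2>/dev/null || {
        rm -f "$outdir/key.pem" "$outdir/certificate.pem"
        echo "certificate export failed" >&2
        return 1
    }

    # The public key in the certificate must equal the one derived from the key.
    cert_pub=$(openssl x509 -in "$outdir/certificate.pem" -noout -pubkey)
    key_pub=$(openssl pkey -in "$outdir/key.pem" -pubout)
    [ "$cert_pub" = "$key_pub" ] || {
        echo "certificate and key do not match" >&2
        return 1
    }
}
```

Called as `PFX_PASS=... pfx_to_pem mycert.pfx /some/dir`, it leaves certificate.pem and key.pem in that directory.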

Zdenek Drlik

Jun 1, 2006, 6:21:02 AM
Tom Hofmann wrote:

Hello,
look at the Mentalis.org Security Library
(http://www.mentalis.org/soft/projects/seclib/), there is support for
conversion to a PEM buffer (method ToPemBuffer on the Certificate class).

Zdenek Drlik, MCAD

Tom Hofmann

Jun 1, 2006, 7:15:13 AM
Hi Martin,

that's right, you can extract keys and certificates from a pfx file by
using openssl. But you need to create the pfx file and then manually
split it up via openssl.
I would like to have it done in one single step. I click the button and
it creates a certificate.pem and the corresponding key file.

Regards,
Tom


Martin Rublik wrote:

Tom Hofmann

Jun 1, 2006, 7:18:58 AM
Hi Zdenek,

thank you for the info. I will have a look at it right now, hopefully it
will work.

Bye
Tom

Zdenek Drlik wrote:

Tom Hofmann

Jun 1, 2006, 7:35:11 AM
Unfortunately they say that their library is not intended to be used
with the .NET 2.0 Version. This should already include all necessary
functions... the big question is, where are they?!?

Zdenek Drlik wrote:

Mitch Gallant

Jun 1, 2006, 7:39:20 AM
Should be possible to do this using techniques like those here:
http://www.jensign.com/opensslkey
Just need to do the inverse (to go from pkcs12 to pem).

- Mitch Gallant
MVP Security

"Tom Hofmann" <Thomas....@3SOFT.de> wrote in message
news:newscache$6zb60j$url$1...@pleione.3soft.de...

Zdenek Drlik

Jun 1, 2006, 9:28:40 AM
Tom Hofmann wrote:

> Unfortunately they say that their library is not intended to be used
> with the .NET 2.0 Version. This should already include all necessary
> functions... the big question is, where are they?!?
>
Maybe you could download the library sources and use only the needed
functionality for PEM converting from them in your application...

Zdenek

Alun Jones

Jun 2, 2006, 11:34:50 AM
Tom Hofmann wrote:
> that's right, you can extract keys and certificates from a pfx file by
> using openssl. But you need to create the pfx file and then manually
> split it up via openssl.
> I would like to have it done in one single step. I click the button
> and it creates a certificate.pem and the corresponding key file.

It's as simple as this:

PFX is the public interchange format supported for sending certificates and
their associated private keys between systems.

PEM is the internal format used by OpenSSL.

To take a certificate and private key from one OpenSSL system to another,
you can simply copy its PEM files across.

To take a certificate and private key from one MS CryptoAPI system to
another, you can simply export to a PFX file, copy it across, and then
re-import it into the other system.

To copy certificates and keys back and forth between OpenSSL and MS
CryptoAPI, you need to convert / export the certificate and key to a PFX
file, then re-import / convert into the target system.

It's that simple.

Life would perhaps have been easier if Microsoft stored all its certificates
as PFX files (but they didn't, and there are advantages to the solution they
chose); life would perhaps have been easier if OpenSSL stored all their
certificates as PFX files (but they didn't, and I'm hard-pressed trying to
think of an advantage to the solution they chose, sadly).

Alun.
~~~~
[Please don't email posters, if a Usenet response is appropriate.]
--
Texas Imperial Software | Find us at http://www.wftpd.com or email
23921 57th Ave SE | al...@wftpd.com.
Woodinville WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(425)807-1787 | Try our NEW client software, WFTPD Explorer.

