1. Проверка срока истечения действия сертификата в формате .p12 / .pfx:
[code]
openssl pkcs12 -in testuser1.pfx -nokeys | openssl x509 -noout -enddate
[/code]
Если вы желаете указать пароль в коммандной строке, добавьте -passin pass:»${pass}»
2. Экспорт ключа и сертификата из .p12 / .pfx:
[code]
openssl pkcs12 -clcerts -nokeys -in myContainer.p12 -out usercert.pem
openssl pkcs12 -nocerts -in myContainer.p12 -out userkey.pem
[/code]
3. Подключение к HTTPS серверу с использованием клиентского ключа:
[code]
openssl s_client -connect gmail.com:443 -cert usercert.pem -key userkey.pem
[/code]
When I tried with the command:
openssl pkcs12 -in key.p12 -nokeys | openssl x509 -noout -enddate
it gives the following error:
24453:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:150:
unable to load certificate
24454:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:648:Expecting: TRUSTED CERTIFICATE
I don’t think your certificate is correctly formatted. I got similar problems when I saved an x509-certificate with notepad to disk. Notepad created a BOM-character in the beginning of the file and also incorrect line endings.
(This can be verified with vi by opening the x509 cert file with vi -b certfile.cer
if you see strange xml-like chars in the very beginning of the file, that’s the BOM-character and it can be safely deleted.
if you see every line end with ^M then you have windows newlines making the file base64-encoding corrupted. you can substitute them with
:%s/^M//g
please note that you press and hold the CTRL-key and then you press V and M in succession, this will produce ^M.
However, I couldn’t create a p12 bundle with the aforementioned issues with the cer-file. Did you rename your file to p12 or did you bundle it using the openssl cli-tool?
You can create a p12 from:
* chain file containing CA root cert + intermediate CA cert(s)
* private key, starts with ##### BEGIN PRIVATE KEY #####
* public key, starts with ##### BEGIN CERTIFICATE #####
openssl pkcs12 -export -out outfile.p12 -inkey keyfile.key -in publicCert.cer -certfile chainCAcerts.crt
You will be prompted to choose a password for the p12 file, please keep that safe yet retrievable.