[Freeipa-users] PEM and DER certificate formats
Rob Crittenden
rcritten at redhat.com
Fri Jan 6 21:55:54 UTC 2012
Stephen Ingram wrote:
> I noticed a message on here some time ago about changing IPA to output
> certificates in PEM format instead of DER. I see that in version
> 2.1.4, the UI does indeed output in PEM format. It appears as though
> the CLI still outputs in DER. Is this the case? I agree that PEM is
> certainly more typical, however, when working with the Java keystore,
> it asks for DER format. Should I still be able to get that from IPA or
> should I just use openssl to convert it?
The cli outputs a base64 blob of data. If you took that and ran it
through a base64 decoder you'd have DER format. You can't get DER
directly right now. We could probably add an option to write a file in
DER format if you wanted to open an RFE on our trac instance.
rob
More information about the Freeipa-users
mailing list