[Freeipa-users] PEM and DER certificate formats

John Dennis jdennis at redhat.com
Fri Jan 6 21:58:53 UTC 2012


On 01/06/2012 04:45 PM, Stephen Ingram wrote:
> I noticed a message on here some time ago about changing IPA to output
> certificates in PEM format instead of DER. I see that in version
> 2.1.4, the UI does indeed output in PEM format. It appears as though
> the CLI still outputs in DER. Is this the case? I agree that PEM is
> certainly more typical, however, when working with the Java keystore,
> it asks for DER format. Should I still be able to get that from IPA or
> should I just use openssl to convert it?

It's much better to use PEM format; it's portable and accepted by all 
PKI software.

The --out option of the cert_show command line writes the cert in PEM 
format to a file.

Thus the web UI and the command line both now support PEM.

Not sure about the Java keystore; I would expect it to accept either 
DER or PEM, but if indeed it only supports DER then it's trivial to convert 
PEM to DER. There should be an existing utility to do it. If not, it's as 
simple as taking the text between the PEM delimiters and base-64 
decoding it.


-- 
John Dennis <jdennis at redhat.com>
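
Added example, not part of the original message and not FreeIPA code: the conversion described above (take the text between the PEM delimiters and base64-decode it), extended to handle a bundle holding several certificates and to check that the decoded bytes form one complete outer DER SEQUENCE. The function names and the constructed sample bytes are assumptions for illustration.

```python
import base64
import binascii
import re

# One certificate block: the base64 text between the PEM delimiters.
PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL)

# Constructed sample, NOT a real certificate: SEQUENCE header + 256 zero bytes.
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(256)

def der_total_length(der):
    """Length (header + content) declared by the outer DER SEQUENCE."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("decoded data does not start with a DER SEQUENCE")
    first = der[1]
    if first < 0x80:                      # short form: length fits in 7 bits
        return 2 + first
    n = first & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or n > 4 or len(der) < 2 + n:
        raise ValueError("unsupported or truncated DER length field")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def pem_to_der(pem_text):
    """Return the DER bytes of every CERTIFICATE block found in pem_text."""
    certs = []
    for match in PEM_CERT.finditer(pem_text):
        body = "".join(match.group(1).split())   # drop line breaks and spaces
        try:
            der = base64.b64decode(body, validate=True)
        except binascii.Error as exc:
            raise ValueError("bad base64 in PEM body: %s" % exc) from exc
        # A cut-off paste or trailing junk shows up as a length mismatch.
        if der_total_length(der) != len(der):
            raise ValueError("DER length does not match decoded size")
        certs.append(der)
    if not certs:
        raise ValueError("no CERTIFICATE block found")
    return certs

def der_to_pem(der):
    """Reverse direction: base64 in 64-character lines between the delimiters."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    bundle = der_to_pem(SAMPLE_DER) * 2
    print([len(der) for der in pem_to_der(bundle)])
```
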
