If all you have is the certificate in text form (hopefully with the details of the public key modulus and exponent, and signature), you're going to have to rebuild the ASN.1 structure and its DER format (the PEM representation is the base-64 encoding of the DER form).
If all you have is the certificate in text form (hopefully with the details of the public key modulus and exponent, and signature), you're going to have to rebuild the ASN.1 structure and its DER format (the PEM representation is the base-64 encoding of the DER form). You'll also have to rebuild the exact list of extensions in the certificate. Most text forms I know (for example, the output of openssl x509 -text or the browser's display tool) will convert the OIDs and values of the extensions into a more human-readable format, based on the specifications describing these extensions, if known to the developers of these tools.
Doing it in the reverse order systematically more or less implies reading a large number of specifications describing the potential extensions and working out what the human-readable text coming out of these tools was representing. The PKIX RFC is one of these specifications, and it's not going to be an easy thing to read, especially if you're beginning in the field. On top of this, you might not be able to form the ASN.1 structure in the exact same order as it was in the actual certificate.
You need to be able to reconstruct the exact binary structure if you want to be able to verify the signature of the certificate. In the general case, I'd say doing this successfully is unlikely. EDIT: Considering what you said, you seem to be using LibNSS's certutil: Try: certutil -L -r -n "the-cert-nickname" -d .
| openssl x509 -inform DER -outform PEM.
Ahh...Thank you very much. That seemed to do the trick. However Verification seems to fail when I try it with the new pem.
I guess that is a different question then. Do I need to create a seperate question or Do you think I can edit this one itself? Anyway thanks a lot – Hari May 26 at 21:03 I'd say it's probably a different question.
Try to say which tools you're trying to use. Both certutil and openssl should be capable of performing some form of verification. – Bruno May 26 at 21:05.
I am not sure what you are presenting in your post. This seems the visualization of an existing certificate. Are you viewing it via windows?I.e.
Opening a . Der or . Cer file?
If this is the case if you go in the details tab, press copy to file and save it as pem. If you need to save it that format that is.
Thanks for the reply. Unfortunately though I am not doing any f that. I am getting this from a text file which gets it from a remote cert8.
Db file (i think by doing something like certutil -L -n...) However I don't have any crt or der file and the only information that I have is this certificate in text format. Also to clarify I am not viewing it via windows, it is stored in a text file in a linux machine. Thanks yet again – Hari May 26 at 20:21 What you are seeing is the certificate information as logged by the application.
What you need is to extract the certificate from the cert8.db. Do you have access to it? – user384706 May 26 at 20:25 I do have access to the cert8.db.
However I donot have the key3. Db file (It seems to have been obscured by the application). So I am unable to do anything with it.
Like I said I am very new to this and I am stuck and not being able to do this. – Hari May 26 at 20:27 If you can not open the certificate storage, perhaps there is another way to get the actual certificate. Is the certificate deployed by the application?
E.g.Is this the certificate of a web site? If yes just log to the site via https and copy the certificate from the browser – user384706 May 26 at 20:32 Well I do have the cert8.db. But again I don't know how to get all the certs into a PEM format.
Maybe you can help me with something on this? Thanks yet again – Hari May 26 at 20:35.
I cant really gove you an answer,but what I can give you is a way to a solution, that is you have to find the anglde that you relate to or peaks your interest. A good paper is one that people get drawn into because it reaches them ln some way.As for me WW11 to me, I think of the holocaust and the effect it had on the survivors, their families and those who stood by and did nothing until it was too late.