SSL憑證的各種轉換

  

Private key:

openssl> pkcs12 -in backup.pfx -nocerts -out private.key

Certificates:

openssl> pkcs12 -in backup.pfx -clcerts -nokeys -out public.cer

IIS:

pkcs12 -export -out xxx_server.pfx -inkey xxx_server.key -in xxx_server.crt

Domino:

openssl> pkcs12 -in backup.pfx -out server.pem -nodes -chain

Command Prompt:  c:\IBM\notes\kyrtool.exe verify "c:\server.txt"

Command Prompt: kyrtool "=c:\IBM\notes\notes.ini" create -k "c:\IBM\notes\data\keyfile.kyr" -p password

Command Prompt:  kyrtool "c:\IBM\notes\notes.ini" import all -k "c:\IBM\notes\data\keyfile.kyr" -i "c:\users\user\server.txt"

c:\IBM\notes\data\keyfile.kyr > domino\data\keyfile.sth

c:\IBM\notes\data\keyfile.sth > domino\data\keyfile.sth

JDE:

keytool -importkeystore -srckeystore "D:\myweb_com.pfx" -srcstoretype pkcs12 -destkeystore "D:\myweb_com.jks" -deststoretype JKS

keytool -v -list -storetype jks -keystore "D:\myweb_com.jks"

keytool -import -alias root -keystore "D:\myweb_com_trust.jks" -file "D:\STAR_myweb_com.crt"

ubuntu:

openssl pkcs12 -in myweb_com_tw.pfx -nocerts -out myweb_com_tw_encrypted.key

openssl rsa -in myweb_com_tw_encrypted.key -out myweb_com_tw.key

openssl pkcs12 -in myweb_com_tw.pfx -clcerts -nokeys -out myweb_com_tw.crt

openssl pkcs12 -in myweb_com_tw.pfx -cacerts -out myweb_com_tw_bundle.crt

type myweb_com_tw.crt myweb_com_tw_bundle.crt > myweb_com_tw_chained.crt

/etc/ssl/private/myweb_com_tw_chained.crt

/etc/ssl/private/myweb_com_tw.key

To pem:

openssl pkcs12 -in your.pfx -nocerts -out your.key

openssl rsa -in your.key -out your-decrypted.key

openssl pkcs12 -in your.pfx -clcerts -nokeys -out your.crt

openssl pkcs12 -export -inkey your-decrypted.key -in your.crt -out your.pem