[openssl-users] Cant get openssl x509 to work as documented

Viktor Dukhovni openssl-users at dukhovni.org
Tue Aug 22 14:19:07 UTC 2017

> On Aug 21, 2017, at 9:02 PM, Robert Moskowitz <rgm at htt-consult.com> wrote:
> openssl x509 -req -days 3650 -extensions v3_intermediate_ca -inform $format\
> -in $dir/csr/intermediate.csr.$format -outform $format -out $dir/certs/intermediate.cert.$format\
> -CAkeyform $format -CAkey $cadir/private/ca.key.$format -CAform $format\
> -CA $cadir/certs/ca.cert.$format
> Where format=der and got that der is an invalid option.  Plus the 'help' reported:

It is trivial to convert a PEM certificate to DER, just pipe the output through
"openssl x509 -outform DER".  Mind you this is often the wrong thing to do, because
the DER form of an X.509 certificate holds *exactly* one certificate, while users
often need a certificate *chain*, that also includes the requisite intermediate
certificates.  With PEM, the certificate file can just all the certificates back
to back.  With DER only the EE certificate appears in the file.

While PKCS#7 can hold a bunch of certificates in DER form, it is not typically
used a certificate chain file by any applications, and IIRC there's no indication
of which of the certificates is the end-entity certificate in a PKCS#7 file.

The only widely used DER form for chains is PKCS#12 which holds the private
key as well as the certificate chain, and has a mandatory passphrase.  I use
PKCS#12 (instead of JKS) for Java TLS server applications, set the file
access mode to 0600, and since there's no point in prompting batch applications
for a passphrase, set the passphrase to "umask 077", since that's the only
effective protection for the private key.

It is not clear that PKCS#12 is compellingly more compact than PEM, the only
reason I use it is that Java supports JKS and PKCS#12, but not PEM.

> Note that -CAkeyform is invalid and that -CAkey can only be PEM.

As explained before, the API for DER PrivateKey objects does not
support passwords, and the CLI does not have a way to indicate
the use PKCS8PrivateKey instead.  The PrivateKey interface can
read only unencrypted PKCS#8 in PEM form.

> Even when I used my pem CA key, I still got errors.  -config is
> not an option, where does this command get the config file from?
> -extensions says it looks to the config file for that label!

The config file for "x509 -req" is specified with "-extfile ...".

> SHA256 is not listed as a valid hash.

Many more X.509 digest algorithms are supported in this context
than (sadly) are listed in the manpage.  Perhaps there should
be a command that lists all supported x.509 hash algorithms,
and the documentation for commands that take any of the
supported algorithms can just refer the reader to the output
of that command.


More information about the openssl-users mailing list