Loading...

Export SSL/TLS certificates with openssl

openssl has a handy way to extract and save certificates for further usage. Comes in handy, if you have to setup e.g. key-stores in Java. This post demonstrates how to export binary and ASCII encoded certificates.

Binary encoded certificate

The DER extension is used for binary DER encoded certificates data. Export it

openssl s_client -showcerts -connect cinhtau.net:443 < /dev/null | openssl x509 -outform DER > cinhtau.der

View it (output shortened)

tan@pavilion:~$ hexdump -C cinhtau.der
00000000  30 82 05 0f 30 82 03 f7  a0 03 02 01 02 02 12 01  |0...0...........|
..
00000510  8a ed 5b                                          |..[|
00000513

ASCII encoded data

The PEM extension is used for different types of X.509v3 files which contain ASCII (Base64) armored.

openssl s_client -showcerts -connect cinhtau.net:443 < /dev/null | openssl x509 -outform PERM > derp.perm

View certificate (output shortened)

tan@pavilion:~$ cat cinhtau.perm
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAaIBPGf27jqM0aPwVl+1rpuhMA0GCSqGSIb3DQEBCwUA
..
hs9JyqagwgHMhnA9wj6xwlZZOAaL2x1I64sbXVYcOvcC1XAM422GpEb37KYoEI6V
iu1b
-----END CERTIFICATE-----
ssl