Pki pipeline

public key infrastructure is a useful and common technology, but there are a whole bunch of key and certificate formats, and along with various wrappers and devices to protect these files.

http://www.sslshopper.com/article-most-common-openssl-commands.html

Signed certificated
basically a signed public key

.crt .cert

Certificate request format
a intermediate format designed to wrap the request of a certificate to be signed by a CA

Check a Certificate Signing Request (CSR)

openssl req -text -noout -verify -in CSR.csr

Check a private key

openssl rsa -in privateKey.key -check

Check a certificate

openssl x509 -in certificate.crt -text -noout

Check a PKCS#12 file (.pfx or .p12)

openssl pkcs12 -info -in keyStore.p12

public key
openssl x509 -noout -modulus -in certificate.crt | openssl md5 openssl rsa -noout -modulus -in privateKey.key | openssl md5 openssl req -noout -modulus -in CSR.csr | openssl md5

Check an SSL connection. All the certificates (including Intermediates) should be displayed

openssl s_client -connect www.paypal.com:443

firefox
firefox supports pkc12 certicates for use in client authentication

Conversion
Convert a DER file (.crt .cer .der) to PEM

openssl x509 -inform der -in certificate.cer -out certificate.pem

Convert a PEM file to DER

openssl x509 -outform der -in certificate.pem -out certificate.der

Convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM

openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes

You can add -nocerts to only output the private key or add -nokeys to only output the certificates. Convert a PEM certificate file and a private key to PKCS#12 (.pfx .p12)

online tools for conversion
(dont upload your private key to an untrusted 3rd party)