On 01/06/2012 04:45 PM, Stephen Ingram wrote:
I noticed a message on here some time ago about changing IPA to output
certificates in PEM format instead of DER. I see that in version
2.1.4, the UI does indeed output in PEM format. It appears as though
the CLI still outputs in DER. Is this the case? I agree that PEM is
certainly more typical, however, when working with the Java keystore,
it asks for DER format. Should I still be able to get that from IPA or
should I just use openssl to convert it?

It's much better to use PEM format, it's portable and accepted by all PKI software.

The --out option of cert_show command line writes the cert in PEM format to a file.

Thus both the web UI and the command line both now support PEM.

Not sure about the Java keystore, I would expect it should accept either DER or PEM but if indeed it only support DER then it's trival to convert PEM to DER. There should be an existing utility to do it. If not it's as simple as taking the text between the PEM delimiters and base-64 decoding it.

John Dennis <jden...@redhat.com>

Looking to carve out IT costs?

Freeipa-users mailing list

Reply via email to