Well, x509 specifies the representations of crypto objects (like certificates and keys) as sequences of binary bytes [1].
DER [2] is just those binary bytes in a file, while PEM [3] is a way to encode x509 as a sequence of printable characters.
So it is entirely possible for a file to be both PEM and x509, with PEM encoding (as printable chars) of an x509-specified sequence.
What do the first few lines of your private key look like? A PEM file containing an encrypted private key starts like this:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,45D48E5EC120928E

VVnd4FVQ0XLoIXKfSP+xaDWboL87kDTq/HIoepq1bHv1Rqv5L2fILJWkrW2Vi/HW
...
A PEM file containing a non-encrypted private key starts like this:
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA7OSE7kj77ULHEfFh80MYN6dcFtAimS9J4jHwqvkQ65/3+7uu
J7v0epQI5anF9QZsMd0PlTD8bTSv6IrudyWPgvJYZygAF11yQWcfJYSpBlAqweiS
...
What format is your private key file in?
Andrew B. Michaelis wrote:
Greetings all, I am new to this list. I am also new to understanding a lot of SSL encryption. What I am attempting to/need to do is to take an existing private key created with the openSSL tool and the certificate response from verisign and be able to use it with tomcat. We have just installed / converted from apache listener (bundled with oracle 9ias) to the Jakarta tomcat. Tomcat uses java's keytool to generate a "keystore" which consists of the private key and the CAs certificate. I am able to load the CAs root, and the CAs certificate into keystore. But I am unable to load the original private key file created with openSSL. The keytool says it is not x509 format. Is there a way using openssl, subcommands of x509 or other to convert an existing key file from PEM or DER to x509 or PKCS#7 (this format can be used by keytool as well)? Many thanks in advance for any help you can offer.
1. Technically the format is called ASN.1/DER for Abstract Syntax Notation 1 under Distinguished Encoding Rules
2. ibid
3. PEM is basically six bit chunks encoded under A-Za-z0-9/+ so every three bytes give four code characters
-- Charles B (Ben) Cranston mailto: [EMAIL PROTECTED] http://www.wam.umd.edu/~zben
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
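The checks the reply above asks for (PEM armor or raw DER, and whether a Proc-Type header marks the key as encrypted), as an added Python example that is not part of the original message. The function name `classify_key` and the sample blobs are constructed for illustration; the PKCS#8 label check goes beyond the two RSA cases shown in the message.

```python
import base64
import re

# PEM armor: BEGIN line, optional "Name: value" headers, base64 body, END line.
PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def classify_key(data: bytes) -> dict:
    """Report how a key file is encoded and whether it is passphrase-protected."""
    m = PEM_RE.search(data)
    if m is None:
        # Raw DER: the outer ASN.1 SEQUENCE starts with tag byte 0x30.
        enc = "DER" if data[:1] == b"\x30" else "unknown"
        return {"encoding": enc, "label": None, "encrypted": False, "cipher": None}
    label, headers, body = m.group(1).decode(), {}, b""
    for line in m.group(2).splitlines():
        if b":" in line:  # base64 never contains ':', so this is a header
            name, _, value = line.partition(b":")
            headers[name.strip().decode()] = value.strip().decode()
        else:
            body += line.strip()
    raw = base64.b64decode(body)  # four characters back to three bytes
    legacy = headers.get("Proc-Type", "").replace(" ", "") == "4,ENCRYPTED"
    return {
        "encoding": "PEM",
        "label": label,
        # PKCS#8 marks encryption in the label instead of a Proc-Type header.
        "encrypted": legacy or label == "ENCRYPTED PRIVATE KEY",
        "cipher": headers.get("DEK-Info", "").split(",")[0] or None,
        # Unencrypted bodies decode to DER; legacy encrypted ones are ciphertext.
        "body_is_der": raw[:1] == b"\x30",
    }

# Constructed samples: a DER-shaped prefix padded with zeros (not a real key),
# and the header lines and first body line quoted in the message above.
SAMPLE_DER = bytes.fromhex("308204a40201000282010100") + bytes(36)
SAMPLE_PLAIN = (b"-----BEGIN RSA PRIVATE KEY-----\n"
                + base64.b64encode(SAMPLE_DER)
                + b"\n-----END RSA PRIVATE KEY-----\n")
SAMPLE_ENCRYPTED = (b"-----BEGIN RSA PRIVATE KEY-----\n"
                    b"Proc-Type: 4,ENCRYPTED\n"
                    b"DEK-Info: DES-EDE3-CBC,45D48E5EC120928E\n\n"
                    b"VVnd4FVQ0XLoIXKfSP+xaDWboL87kDTq/HIoepq1bHv1Rqv5L2fILJWkrW2Vi/HW\n"
                    b"-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    for name, blob in [("plain", SAMPLE_PLAIN), ("encrypted", SAMPLE_ENCRYPTED),
                       ("der", SAMPLE_DER)]:
        print(name, classify_key(blob))
```

Run against a real key file with `classify_key(open(path, "rb").read())`; only the container is inspected, so no passphrase is needed.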