On 2007.04.17 at 03:27:47 -0700, Mustafa Cayci wrote: > Hi, > > I used Entrust/Web Connector to generate client > certificate. It generated in raw DER format. Is there > anyway to convert to PKC#7 format? > > Thanks in advance,
PKCS7 format is not a certificate format. It is format of signed/encrypted E-Mail messages, which can incorportate certificates and CRLs of signers. It is often used as container for certificate chains (probably with accompanying CRL). So if you got an X509 certificate in DER format, (if openssl x509 -text -noout -inform DER -in filename.crt displays it properly it is so), you need to create a PKCS7 container which store this (and may be others - typically you want certificate of your CA there too) certificate. This can be accomplished using crl2pkcs7 command of openssl utility. Even if you don't actually have a fresh CRL from your CA. It is conterintuitive, but crl2pkcs7 can create pkcs7 without CRL. Unfortunately, crl2pkcs7 doesn't accept certificates in the DER format (although it can deal with CRL in DER format). So, you have first to convert certificate(s) into PEM using openssl x509 and then use crl2pkcs7 to wrap it into pkcs7 structure. > Mustafa > > __________________________________________________ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam protection around > http://mail.yahoo.com > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
