Get APLawrence.com by RSS2005/04/28 PEM files (openssl)
Ascii versions of certificate files are usually stored in .pem files. You might find them under your httpd directory:
# ls -l /etc/httpd/conf/*pem
-r-------- 1 root root 3289 Nov 18 07:26 /etc/httpd/conf/httpd.pem
If you look inside such a file, you'll see something like this:
# head /etc/httpd/conf/*pem
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBATKCAQEAmu3JxwgcG/12lX6MS4ocHQ7ko87uOV1UmdwGLJv2mdTPQ1Ep
yLVPyGB1srZt9X6s/plkbqnhHih9Y7TaIH2g0H8wkbLvck6+/ksmyRWiJ51PTOos
Ce1tQtMoO5w2/Uv8LQ7d/qqyKDnYz0g9r1AhgnKW1AC1jUfrPWIxAsmaM+9xvkbF
w0TmJkoCkTsqJJu0CgIOGYrX+Y9fzFp0g7bLtO/6aEPGK9eOCa0ATju3loZox1VA
R7waYl9r/913fi1q7KOlJl8ozwGwbaBXG5uOLPXrO4ZDXT4Y/7fH2hClm/hVNciq
snDDvz78Glz3GsZMmR1DkwpFB4Ss3DZehu1jgwI6AQABAoIBADkV7QddQZ4+oncr
PQiIdxtt5WlGUhjo/seVCGFfhlngRA511YOS6zbV9AhJl/KhHnUhaBQunDhUiv82
IDlgkOTCOM82s2vXACEK59uoEPuvxwx8LIXr6hp5WzdntAtY+C5SEBJKKyMPTYfz
Ameaiv5Z4qFzMXJBUbhoec6hIiSIPweNt5RZfm3N+/5g32CCUgevEP2t0IUZWvMP
Funny thing is, "file" doesn't know anything special about this:
# file /etc/httpd/conf/*pem
/etc/httpd/conf/httpd.pem: ASCII text
And in fact, they shouldn't be called pem files at all. From https://digitalid.soltrus.com/globalServer/INSTALL/techDocs.html
The ApacheSSL documentation, and the docs for the SSLeay toolkit,
refer to certificates and certificate requests as "PEM" files. They
are not. ApacheSSL, like all SSL secure servers, uses the (standard)
X.509 certificate format. X.509 certificates are binary files,
which are difficult to send around by mail. So SSLeay stores them
in BASE64 encoded format, between '-----BEGIN-----' and '-----END-----'
lines. BASE64 encoding was defined as part of the (old) Privacy
Enhanced Mail (PEM) specification, which is why the documentation
calls them "PEM format" files.
The original PEM description can be found at http://www.networksorcery.com/enp/data/pem.htm
Actually, the X.509 format is apparently "Abstract Syntax Notation" or ASN.1. (http://www.cs.indiana.edu/~chiuk/security/glossary/):
ASN.1 is OSI's notation for for specifying abstract types and values.
ASN.1 does not specify how these objects are encoded into bits.
This is specified by a set of encoding rules. Two are in common
use: the Basic Encoding Rules (BER), and the Distinguished
Encoding Rules (DER). BER specifies more than one way to encode
some values, while using DER results in a unique encoding for
each ASN.1 value.
The X.509 certificate specification is specified with ASN.1.
Kerberos 5 uses ASN.1 and DER to encode its protocol messages.
That makes it all perfectly clear, doesn't it?
Enter your email address for automatic notification of new posts here
(be sure to whitelist 'feedburner.com' if you use spam filtering)
| Views for this page | ||||
|---|---|---|---|---|
| Today | This Week | This Month | This Year | Overall |
| 2 | 2 | 75 | 1,427 | 4,660 |
Have you tried Searching this site?
Unix/Linux/Mac OS X support by phone, email or on-site: Support Rates
This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more. We appreciate comments and article submissions.
http://www.cleverminds.net Need expert advice? Want a second opinion? CleverMinds is a one-stop-shop for a wide range of technology solutions. We support Unix, Linux, SCO as well as CMS, ecom, blogs, podcasts, search engines consulting and more. Contact us at web2.0@cleverminds.net 0r (617) 894-1282
http://www.schewanick.com SCO Unix, Solaris, Linx (various), PHP, MySQL, Apache, uniBasic, dL4, Perl, System Administration and more....
http://echo3.net/ Unix/Linux Custom Applications, Web Hosting, C/C++ Programming Courses
- Nov 23 13:01
I need coffee before I will even open the door, never mind go out there. That's completely non-negotiable, by the way. - Nov 23 12:56
It's COLD and my wife wants us to go work in the yard. Do you think I can have her arrested for cruelty? Probably not as she's going too.
Related Posts
Add your comments