Archive for the ‘How to’ Category

NOTE: Please note that, this is a RIP OFF from the website http://www.sslshopper.com. Thanks for http://www.sslhopper.com for the valuable information provided. If anyone has any complaints, please contact me.

Different Platforms & Devices requires SSL certificates in different formats
eg:- A Windows Server uses .pfx files
An Apache Server uses .crt, .cer files

NOTE: Only way to tell the difference between PEM .cer and DER .cer is to open the file in a Text editor and look for the BEGIN/END statements.

PEM Format
It is the most common format that Certificate Authorities issue certificates in. It contains the ‘—–BEGIN CERTIFICATE—–” and “—–END CERTIFICATE—–” statements.

Several PEM certificates and even the Private key can be included in one file, one below the other. But most platforms(eg:- Apache) expects the certificates and Private key to be in separate files.
> They are Base64 encoded ACII files
> They have extensions such as .pem, .crt, .cer, .key
> Apache and similar servers uses PEM format certificates

DER Format
It is a Binary form of ASCII PEM format certificate. All types of Certificates & Private Keys can be encoded in DER format
> They are Binary format files
> They have extensions .cer & .der
> DER is typically used in Java platform

They contain “—–BEGIN PKCS—–” & “—–END PKCS7—–” statements. It can contain only Certificates & Chain certificates but not the Private key.
> They are Base64 encoded ASCII files
> They have extensions .p7b, .p7c
> Several platforms supports it. eg:- Windows OS, Java Tomcat

They are used for storing the Server certificate, any Intermediate certificates & Private key in one encryptable file.
> They are Binary format files
> They have extensions .pfx, .p12
> Typically used on Windows OS to import and export certificates and Private keys



Converting Certificates between different Formats

Convert PEM to DER
$ openssl x509 -outform der -in certificate.pem -out certificate.der

Convert PEM to P7B
$ openssl crl2pkcs7 -nocrl -certfile certificate.cer -out certificate.p7b -certfile CAcert.cer

Convert PEM to PFX
$ openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CAcert.crt


Convert DER to PEM
$ openssl x509 -inform der -in certificate.cer -out certificate.pem


Convert P7B to PEM
$ openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer

Convert P7B to PFX
$ openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer
$ openssl pkcs12 -export -in certificate.cer -inkey privateKey.key -out certificate.pfx -certfile CAcert.cer


Convert PFX to PEM
$ openssl pkcs12 -in certificate.pfx -out certificate.cer -nodes

NOTE: While converting PFX to PEM format, openssl will put all the Certificates and Private Key into a single file. You will need to open the file in Text editor and copy each Certificate & Private key(including the BEGIN/END statements) to its own individual text file and save them as certificate.cer, CAcert.cer, privateKey.key respectively.

Read Full Post »

NOTE: Please note that, this is a RIP OFF from the website http://www.sslshopper.com. Thanks to sslhopper.com for the valuable information provided. If anyone has any complaints, please contact me.

A CSR or Certificate Signing Request is a block of encoded text that contains information about the company that an SSL certificate will be issued to and the SSL public key. Once a CSR is created it is difficult to verify what information is contained in it because it is encoded. Since Certificate Authorities use the information in CSRs to create the certificate, you need to decode CSRs to make sure the information is accurate. Decoding a CSR verifies that it contains the correct information.


$ openssl x509 -in certificate.crt -text -noout

Read Full Post »

The ‘Recent Documents’ in GNOME Desktop Environment can be accessed via ‘Menu -> Places -> Recent Documents’. Ever wanted to keep your sneaky friends from knowing what files you are accessing ?

When you access a file via Nautilus file manager, the details are stored in an XML documents named .recently-used.xbel.
•  There is an option ‘Clear Recent Documents…’ available from ‘Menu -> Places -> Recent Documents’. This will clear out the file .recently-used.xbel and subsequently the entries listed in Recent Documents. But that is not we want. We want to permanently prevent the recently opened files from appearing there.

•  Deleting .recently-used.xbel won’t work. The next time you open a file, .recently-used.xbel is recreated.

•  Changing the default permission of .recently-used.xbel also doesn’t work. The permissions are reset to default 600, next time you open a file.

So, here are the steps to disable ‘Recent Documents’…
In your terminal, issue the following commands


STEP1:Removes the XML file .recently-used.xbel from your Home directory
$ rm -fv $HOME/.recently-used.xbel

STEP2: Creates a new directory named .recently-used.xbel in your Home directory.
$ mkdir $HOME/.recently-used.xbel


The ‘Recent Documents’ in ‘Menu -> Places’ is greyed out, the next time you try to access it.
When you open a file next time, the existence of XML file .recently-used.xbel is checked for.
In linux everything is a file, so is .recently-used.xbel, BUT only of ‘directory’ type!! We take advantage of this fact, so that no data can be written to .recently-used.xbel

Read Full Post »

Man pages are specially formatted and then compressed text files, created using help2man. Printing a man page, as you do normally with other files will result in printing all the formatting, and this is not we want. So, It would be better to convert them to a printer friendly format, like Postscript or PDF.
To create a Postscript file from the man page of proc command, issue the following command from your terminal…

$ man -t proc > proc.ps

To create a PDF file from the man page of proc command, issue the following from your terminal…

$ man -t proc | ps2pdf – proc.pdf


You will need the ps2pdf utility installed for the creation of PDF. Hopefully, most distributions comes with this utility pre-installed.

Explanation of Options used:
• equivalent to groff -Tps -mandoc command
• It only works if you have a groff utility installed. Hopefully, most distributions comes with this utility pre-installed.
• It passes the o/p to stdout, for formatting the man page. The default output is Postscript format

Read Full Post »