How do I open a p7s file from the command line? - client-certificates

I am trying to open p7s files by command line, using openSSL with this line
openssl.exe smime -verify -in 1.pdf.P7s -noverify -inform DEM -out 1.pdf
openssl smime -inform DER -verify -noverify -in 1.pdf.p7s -out 1.pdf
But I am always getting this:
Verification failure
7100:error:04091068:rsa routines:int_rsa_verify:bad signature:crypto\rsa\rsa_sig
n.c:220:
7100:error:21071069:PKCS7 routines:PKCS7_signatureVerify:signature failure:crypt
o\pkcs7\pk7_doit.c:1041:
7100:error:21075069:PKCS7 routines:PKCS7_verify:signature failure:crypto\pkcs7\p
k7_smime.c:353:
And generating a file I can't open.
Later edit: I found out that "A p7s is just a signature file in DER format. There is no "content" in that file, it's normally apart of a S/MIME message as a base64 attachment." but I still don't know how to get the base file.

Yeah, it seems that the version I've used (1.1.1) is giving me this error.
Changing it an older version (1.0), it's working.

Related

How to convert .cer file to .pem file

I had export .cer file from keychain and using below command try to convert in .pem file but in resulted .pem file missing
-----BEGIN PRIVATE KEY-----
please any one can give another way to do that
command are like
openssl pkcs7 -text -in certfile.cer -print_certs -outform PEM -out certfile.pem
If anyone wants to use command which is recommended for creating pem file,
then here is solution on my gist.
openssl x509 -in aps_development.cer -inform der -out PushChatCert.pem
openssl pkcs12 -nocerts -in PushChatKey.p12 -out PushChatKey.pem
cat PushChatCert.pem PushChatKey.pem > ck.pem
First 3 commands will generate pem, but if you want to test then 4th and 5th command will be necessary.
If you got error that about unknown command 'telnet' then install telnet from brew.
Also, I have the same issue when I convert .p12 file into .pem file
when I open that .pem file in that missing ----BEGIN PRIVATE KEY-----
So after searching find out solution use this convert .p12 to .pem
openssl x509 -inform der -in certificate.cer -out certificate.pem
Look no further. This is all that it takes.

Get serial number from a certificate using Ruby

Is there a way to know a certificate serial number with Ruby? I know I can get it by using:
openssl x509 -inform DER -in file.cer -noout -serial >"serial.txt"
You can directly run shell commands in ruby and gets its output to a variable. I assume you will have to do something along the line of:
serial = `openssl x509 -inform DER -in file.cer -noout -serial`
Here is a more detailed answer: Calling shell commands from Ruby
There is module OpenSSL in standard library, which includes class OpenSSL::X509::Certificate, with method #serial

Your file should validate and return its contents with `openssl smime -verify -inform DER -noverify`

I uploaded an apple-association file to my server, which serves content over HTTPS but the link validator here is giving me this error Your file should validate and return its contents with openssl smime -verify -inform DER -noverify I thought one doesn’t need to sign the file if targeting iOS 9? Can someone please help with this?
That validator is somewhat out of date. Give this one a try instead.

Generate a P12 file with private key and certificate in an iOS app

I have a certificate and private key that I want to put together, in code, into a PKCS12 file with the OpenSSL library (libcrypto). I know how to do this via the command-line tool:
$ openssl x509 -in developer_identity.cer -inform DER -out developer_identity.pem -outform PEM
$ openssl pkcs12 -nocerts -in mykey.p12 -out mykey.pem
$ openssl pkcs12 -export -inkey mykey.key -in developer_identity.pem -out iphone_dev.p12
But how can I do it in code?
If you are willing to use C code in your objective-C code and you have OpenSSL library for iOS then you can do it.
You can use PKCS12_create function to create a PKCS12 structure and write it to file using i2d_PKCS12_bio function.
PKCS12_create takes the certificate, private key, passphrase, chain of CA certificates and other parameter.
It is explained in a pretty well manner in documentation.
I hope this will help you to start coding.

Stuck creating p12 file for MoonAPNS

I am having some trouble creating my .p12 certificate.
I have previously created an application with push notification, this works fine.
The application takes the users device id and saves it into a database.
I have added the code into my new application(with the amendments to work with the new application), and from the Log it seems to be working in the same way as my other app.
I have downloaded the relevant files that i need and then i know i needed to use ssl to be able to create my new and combined p12.
I cant for the life of me remember how i created the p.12 file.
I'm using moonapns.
I have used the following:
Step 1:
openssl x509 -in aps_developer_identity.cer -inform DER -out
aps_developer_identity.pem -outform PEM}
Where aps_developer_identity.cer is the file you download from the
portal
Step 2:
openssl pkcs12 -nocerts -out APSCertificates.pem -in
APSCertificates.p12
Where APSCertificates.p12 is a file you export from the Mac Keychain.
This is critical, you must import the certificate from the portal into
keychain. Find it in My Certificates, open the disclosure triangle and
highlight both the certificate and the private key, then right click
and export them. Give them a password and save them to a p12 file.
Step 3:
openssl pkcs12 -export -in aps_developer_identity.pem -out
aps_developer_identity.p12 -inkey APSCertificates.pem
I have added the certificate and it isn't working, i'm not receiving the notification to the device. Does any one know how else i am supposed to create the certificate??
openssl pkcs12 -export -in your_app.pem -inkey your_key.pem -out your_app_key.p12
refer this link
http://www.raywenderlich.com/forums/viewtopic.php?f=20&t=7468
Try this:
After downloading the .cer file (aps_development certificate is not the ios_development), manages the pem file with the following command:
openssl x509 -in "path_to_apple_cert.cer" -inform DER -out "path_to_an_output_Cert.pem" -outform PEM
Take your APSCertificates.p12 file and run the second command:
openssl pkcs12 -nocerts -in "path_to_exported_p12_from_apple_cer.p12" -out "path_to_an_output_Key.pem" -passin pass:your_p12_password -passout pass:your_new_p12_password
Now take the two pem files that you generated and run the following command:
openssl pkcs12 -export -inkey "path_to_an_output_Key.pem" -in "path_to_an_output_Cert.pem" -out "path_to_final_p12.p12" -passin pass:your_new_p12_password -passout pass:your_final_p12_password
This is your P12 for push notifications.
If you do not want to use the
$ cat command PushChatCert.pem PushChatKey.pem > ck.pem
contained in some instances, if you are on windows you can use:
type PushChatCert.pem PushChatKey.pem > ck.pem

Resources