0
votes

I am new to OpenSSL, so forgive me if I ask anything stupid.

I need to convert an existing server project which uses axTLS to OpenSSL. As the server requires client authentication, I need to load the server cert file, private key file and the CA cert file. All 3 files are in DER format.

For the server cert file and private key file, I can use SSL_CTX_use_certificate_file() and SSL_CTX_use_PrivateKey_file() to load a DER format file (ASN1 format). However, I couldn't find any API that loads the CA cert in DER format. SSL_CTX_load_verify_locations() and SSL_load_client_CA_file() seem to only work for PEM format.

Any other API/method I can use to work around this issue?

Thank you.

2
According to the document, it supports only PEM format. - Yu Hao
So it means there is no way for the OpenSSL API to load a DER format (.cer file extension) CA cert? I am having a difficult time convincing myself of this, as axTLS is able to do it and axTLS is supposed to be a 'lite' version of an SSL implementation. - Angela Yan

2 Answers

1
votes

I will answer my own question. As Yu Hao said, there seems to be no API available in OpenSSL to load a CA cert in DER (ASN1) format. I had to get the PEM format version of the CA cert to use in the end.

0
votes

First of all, DER files can have .crt, .cer, and .der endings.

As for your question, it may be one of many issues. Does your existing server project already work, and to what extent?

Could you first try and convert the DER file to PEM and tell us how it went?

openssl x509 -inform der -in certificate.cer -out certificate.pem
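An added example, not part of the original thread: since the file extension does not reveal the encoding, this C sketch checks that a buffer is a single DER SEQUENCE (the outer shape of an X.509 certificate) and then writes the same bytes as PEM, i.e. base64 in 64-character lines between BEGIN/END CERTIFICATE markers. The function names are hypothetical, and only the outer tag and length are checked, not the certificate contents.

```c
#include <stddef.h>
#include <string.h>
static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* 1 if buf is exactly one DER SEQUENCE (tag 0x30, definite length equal to
 * the rest of the buffer): the outer shape of an X.509 certificate. */
int is_single_der_sequence(const unsigned char *buf, size_t len)
{
    size_t hdr = 2, body = 0;
    if (len < 2 || buf[0] != 0x30) return 0; /* PEM text starts with '-' */
    if (buf[1] < 0x80) {
        body = buf[1];                /* short-form length */
    } else {
        size_t n = buf[1] & 0x7F;     /* long form: n length bytes follow */
        if (n == 0 || n > 4 || len < 2 + n) return 0; /* indefinite/implausible */
        for (size_t i = 0; i < n; i++)
            body = (body << 8) | buf[2 + i];
        hdr += n;
    }
    return hdr + body == len;         /* rejects truncation, trailing data */
}

/* Writes NUL-terminated PEM to out. Returns its length, or -1 when the input
 * is not a single DER SEQUENCE or out is too small. */
long der_cert_to_pem(const unsigned char *der, size_t len, char *out, size_t cap)
{
    static const char head[] = "-----BEGIN CERTIFICATE-----\n";
    static const char tail[] = "-----END CERTIFICATE-----\n";
    size_t b64 = 4 * ((len + 2) / 3), o = strlen(head), col = 0;
    size_t need = o + b64 + (b64 + 63) / 64 + strlen(tail) + 1;
    if (!is_single_der_sequence(der, len) || cap < need)
        return -1;
    memcpy(out, head, o);
    for (size_t i = 0; i < len; i += 3) {
        size_t left = len - i;
        unsigned long v = (unsigned long)der[i] << 16;
        if (left > 1) v |= (unsigned long)der[i + 1] << 8;
        if (left > 2) v |= der[i + 2];
        out[o++] = B64[(v >> 18) & 63];
        out[o++] = B64[(v >> 12) & 63];
        out[o++] = left > 1 ? B64[(v >> 6) & 63] : '=';
        out[o++] = left > 2 ? B64[v & 63] : '=';
        col += 4;
        if (col == 64 || i + 3 >= len) { out[o++] = '\n'; col = 0; }
    }
    memcpy(out + o, tail, strlen(tail) + 1);
    return (long)(o + strlen(tail));
}
```

A buffer that already holds PEM text fails the first check because it begins with `-` (0x2D) rather than the SEQUENCE tag 0x30, which is a quick way to tell the two encodings apart regardless of extension.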