• Convert PEM PEM to DER openssl x509 -outform der -in certificate.pem -out certificate.der PEM to P7B openssl crl2pkcs7 -nocrl -certfile certificate.cer -out certificate.p7b -certfile CACert.cer PEM to PFX openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt.
  • Openssl x509 -req -in req.pem -extfile openssl.cnf -extensions v3usr -CA cacert.pem -CAkey key.pem -CAcreateserial Set a certificate to be trusted for SSL client use and change set its alias to 'Steve's Class 1 CA'.
  • Openssl x509 is for a certificate, not a key.openssl rsa produces a raw PKCS1 RSAPrivateKey; are you sure your site wants that? I don't know any sw besides OpenSSL that supports it, and OpenSSL sw usually uses PEM not DER.
  • Format a X.509 certificate. Sometimes we copy and paste the X.509 certificates from documents and files, and the format is lost. With this tool we can get certificates formated in different ways, which will be ready to be used in the OneLogin SAML Toolkits.

Select the certificate Export select 'DER ENCODED Binary X.509 (.cer)' Choose a file name and save. You now have a DER encoded certificate file for your use. If you have any questions or concerns please contact the Entrust Certificate Services Support department for further assistance.



Creates a new X509 certificate from the file contents of an RFC 7468 PEM-encoded certificate and private key.



The path for the PEM-encoded X509 certificate.


If specified, the path for the PEM-encoded private key.If unspecified, the certPemFilePath file will be used to load the private key.



A new certificate with the private key.


The contents of the file path in certPemFilePath do not contain a PEM-encoded certificate, or it is malformed.


The contents of the file path in keyPemFilePath do not contain a PEM-encoded private key, or it is malformed.


The contents of the file path in keyPemFilePath contains a key that does not match the public key in the certificate.


The certificate uses an unknown public key algorithm.

Pem To X509

certPemFilePath is null.


See ReadAllText(String) for additional documentation about exceptions that can be thrown.

The SubjectPublicKeyInfo from the certificate determines what PEM labels are accepted for the private key.For RSA certificates, accepted private key PEM labels are 'RSA PRIVATE KEY' and 'PRIVATE KEY'.For ECDSA certificates, accepted private key PEM labels are 'EC PRIVATE KEY' and 'PRIVATE KEY'.For DSA certificates, the accepted private key PEM label is 'PRIVATE KEY'.

PEM-encoded items that have a different label are ignored.

Combined PEM-encoded certificates and keys do not require a specific order. For the certificate, the the first certificate with a CERTIFICATE label is loaded. For the private key, the first private key with an acceptable label is loaded. More advanced scenarios for loading certificates and private keys can leverage PemEncoding to enumerate PEM-encoded values and apply any custom loading behavior.

For password protected PEM-encoded keys, use CreateFromEncryptedPemFile(String, ReadOnlySpan<Char>, String) to specify a password.

Applies to

#include <cryptopp/x509cert.h>

Digital certificates are used to bind identities and public keys using a cryptographic signature. The certificates are used in protocols such as IPSec, TLS and SSH. X509Certificate is a class that allows the library to load X.509 v3 certificates and access values in the certificate, like names and the public key. The class is based on earlier work by Geoff Beier. You can find Geoff's sample at X.509 Example.

The X509Certificate class is a read-only implementation. The class loads a DER encoded X.509 v3 certificate and provides accessors for the common fields, like signature, signatureAlgorithm, toBeSigned, serialNumber, issuerDistinguishedName, subjectDistinguishedName, and subjectPublicKeyInfo. More functionality will be added over time as use cases are determined.

The class does not allow you to edit a certificate. The class allows you to Save, but it is the same certificate that was Loaded. It is assumed another tool is used to create and issue certificates. This functionality may be added over time if the need arises.

X509Certificate is fairly robust and can load all of the certificates distributed by Mozilla as packaged in cacert.pem (packaging courtesy of Daniel Stenberg and cURL). X509Certificate does not load static Diffie-Hellman keys because they are no longer in favor.

The Crypto++ library received several modifications to allow better integration of X509Certificate. For example, the functions BERDecodeTextString, BERDecodeDate and BERDecodePeekLength were added to the library's ASN.1 functions. Additionally, some useful OID's were added to the ASN1 namespace, like sha256WithRSAEncryption.

The class is not part of the Crypto++ library. Rather, it is an add-on that you download and compile yourself. The source code is available as part of the PEM Pack. The PEM Pack also adds PEM support on top of X509Certificate's DER support.

Compiling and Testing

To compile the source files, simply drop them in your cryptopp folder and then execute Crypto++'s GNUmakefile. The library's makefile will automatically pick them up. Windows users should add the header and source files to the cryptlib project in their respective folders.

There are two C++ source files to add the X509Certificate class to Crypto++. The files are:

  • x509cert.h - the include file for the X509Certificate class used by applications.
  • x509cert.cpp - the source file for the X509Certificate class.

The class can be tested using the PEM Pack'spem_test.cxx. pem_test.cxx loads each certificate in Mozilla's cacert.pem, calls Validate on each certificate, and then prints each certificate to std::ostringstream to ensure the accessor functions are working as expected.

The default behavior is to validate keys and parameters after reading them in Debug builds (but not Release builds). If you want the keys and parameters validated after reading them, then open pem_common.h and uncomment the define PEM_KEY_OR_PARAMETER_VALIDATION. Once compiled, changing PEM_KEY_OR_PARAMETER_VALIDATION has no effect.

When using PEM_KEY_OR_PARAMETER_VALIDATION, an OS random number generator must be available, like AutoSeededRandomPool. Do not build the library and the PEM Pack with -DNO_OS_DEPENDENCE because the define removes the OS random number generators.

How To Convert Pem To X509

The easiest way to test the PEM source files is drop them in your cryptopp directory, and then issue the following commands. The scripts will build and test for you.

Verify Certificate

There are three techniques used to verify a certificate. The first is the basic verification using a self-signed certificate with a RSA key. It is the easiest case, and the subject's public key can be used to verify the certificate.

The second case is a chain, and it differs from the first case because the issuer's public key is used and it is located in a different certificate. The third case is a signature using ECDSA. The interesting point for this case is, the ASN.1/DER signature must be converted to P1363.

Self Signed Certificate

The code below verifies the signature over a self-signed certificate. Since the certificate is self-signed, the subjectPublicKey and issuerPublicKey are the same. You simply use the public key in the certificate to verify the TBSCertificate. The recipe to create the self-signed certificate is below at OpenSSL x509.

Running the program results in the following.

Certificate Chain

If you have a certificate chain, then you use the issuerPublicKey to verify the signature on the server's certificate. You can find the issuerPublicKey in the CA certificate. The code to verify the signature on a server's certificate in a chain would look similar to below.

ECDSA Certificates

A certificate signed using ECDSA needs the signature converted from ASN.1/DER to P1363. The X509Certificate class converts them automatically for id_ecdsaWithSHA1 through id_ecdsaWithSHA512. If a different signature algorithm specifies ECDSA, then the signature may need to be manually converted until it is added to the class.

The code below performs the conversion and verifies the signature. The code was taken from VerifySignature in x509cert.cpp. The conversion is covered in DSAConvertSignatureFormat on the wiki.

Certificate Identities

A certificate's sole purpose in life is to bind a public key to an identity using a cryptographic signature. X509Certificate makes it easier to discover the bindings by providing GetSubjectPublicKey to obtain the certificate's public key; and GetSubjectIdentities to obtain the subject identities in the certificate.

The identity is an array of IdentityValue, and the collection includes X.520 attributes and values, like RFC 822 email, PKCS #9 email, Distinguished Name (DN), subjectAltName (SAN), and uniqueId (UID). It is up to the caller to determine what is acceptable.

You can retrieve and display the identity using the following code.

Running a program using the test certificate results in output similar to the following.

Note that some information is presented more than once. For example, the email address and the Common Name (CN) are part of the distinguished name, and also provided as stand-alone values. This by design to allow the applications to do something like below.


Subject Alternate Names (SAN) is one of the primary places to find identities. GetSubjectIdentities attempts to collect identities from the SAN, but it only loads some of the GeneralNames.

The RFCs define the SAN as follows.

The X509Certificate implementation has full support for rfc822Name, dNSName, iPAddress and uniformResourceIdentifier. There is partial support for otherName, but we need a test cert to finish the implementation. There is no support for the remaining GeneralNames. If you have a certificate for testing, then please send an email to the mailing list.

Certificate Output

X509Certificate::operator<< is fairly boring at the moment. It calls the member function X509Certificate::Print, which outputs some of the certificate's fields. You can modify X509Certificate::Print to suit your taste.

A typical output is shown below.

Certificate Validation

If you call Validate on a X509Certificate, then the call validates the subject's public key. The signature on a self signed certificate is verified at level 1 or above.

More tests can be added from the following documents. In practice certificate validation is the wild, wild west. It will probably be a good idea to allow the user to select the tests they are interested in by setting a mask before calling Validate.

  • RFC 4158, Internet X.509 Public Key Infrastructure: Certification Path Building
  • RFC 5280, Internet X.509 Public Key Infrastructure: Certificate and Certificate Revocation List (CRL) Profile
  • RFC 6125, Representation and Verification of Domain-Based Application Service Identity within Internet Public Key Infrastructure Using X.509 (PKIX) Certificates in the Context of Transport Layer Security (TLS)

OpenSSL x509

You can use OpenSSL and the openssl x509 subcommand to create a self-signed certificate. There are two parts to creating the certificate. First is a custom conf file, and the second is the command. The OpenSSL man pages provide information for both the config file and x509 subcommand.

Your OpenSSL conf file should look similar to below. The conf file creates a self-signed server certificate for the domain example.com. The conf file has several options that probably should not be present for a real server certificate, like keyEncipherment. secureShellServer requires OpenSSL 1.1.0 or above. prompt = no means no prompts are provided, like confirming country or organization name.

After creating the conf file you can create the certificate with the following command. The command creates a new key pair and the certificate using the conf file. The private key does not have a password.

You can convert the PEM certificate to ASN.1/DER with the following command.

You can view the certificate with the following OpenSSL command.

If you prefer you can view the certificate with Peter Gutmann's dumpasn1.

Certificate Basics

A X.509 certificate binds a public key to an identity using a cryptographic signature. That's all it does.

There are two types of certificates. The first type is a CA certificate. A CA certificate has CA = true in basic_constraints, and can be used to issue, manage and revoke other certificates. The second type of certificate is an end entity certificate. An end entity has CA = false in basic_constraints, and is issued to users, machines, web servers, VPN servers, SSH servers and other end users. If you create a self-signed certificate for your web server, then you created an end entity certificate because CA = false.

Certificates are issued by an issuer or authority. Certificates can be issued for intermediate/subordinate CA certificates and can be issued to end users. The entity for whom the certificate was issued is called the subject. The issuer sign's the subject's certificate.

Pem To X509certificate

A certificate can be self-signed. A self-signed certificate means the issuer and subject are the same entity. If the certificate is self-signed, then you issued your own certificate. In the RFCs, like RFC 4158, Certificate Path Building, it also means things like the authorityKeyIdentifier = subjectKeyIdentifier and issuerDistinguishedName = subjectDistinguishedName.

The rules governing the way certificates are issued, managed and revoked is codified in a Certification Practice Statement (CPS). All public Certification Authorities provide them. Most of CPS'es are obscene for the user, and make statements like the certificates are not fit for their purpose (no kidding, read one sometime).

Certification Practice Statements are legally binding documents. They are part of the documentation for a Public Key Infrastructure (PKI). A CA that does not follow its CPS risks being dis-trusted, like Symmantec for chronically breaking its own rules. Symantec owns/operates Thawte, VeriSign, Equifax, GeoTrust, and RapidSSL, so it was a deep cut and the stock price fell 35%.

People who trust certificates and certificate chains are called Relying Parties. A relying party can chose to trust a commercial CA like Comodo or Verisign. They can also chose to trust a self-signed end entity certificate issued by an individual. Relying parties can base their decision on a Certification Practice Statement for a public CA, or base their decision on friendship like in Web of Trust schemes. A common collection of trusted issuers can be found in Mozilla's cacert.pem.

The two most popular PKI's are (1) the Internet's PKI is called PKIX, and (2) the CA/Browser Forum (CA/B) PKI. The Internet's PKI is used by tools like cURL, OpenSSL and Wget and codified in various RFCs. The CA/Browser Forum PKI is used by browsers, and their PKI is codified in the CA/B Baseline Requirements. The CA/B is sometimes called the 'ca cartel' because they are a closed group.

Convert Pem To X509

PKIX and the CA/B have different issuing policies, but they mostly overlap. An example of them differing is, PKIX allows SubjectAltName (SAN) dnsNames of *.com, *.net and *.org, while the CA/B BR does not. Another difference is, the CA/B requires the Common Name (CN) provide the domain, like example.com, while PKIX does not.

Public CA's sell 'extended validation' certificates. There is nothing special about them, and they don't provide any additional technical or security controls. Extended validation certificates are more expensive than standard validation certificates, and they helped restore public CA profits after the race to the bottom cut into business profits. Also see Peter Gutmann's book Engineering Security.

Various governments and organizations run their own PKIs. The US government's PKI documents are over 2500 pages. A spectacular PKI failure from the Dutch government was Diginotar. Diginotar was caught by Public Key Pinning. Here is the Google Product Support message from 2011 that exposed Diginotar: https://productforums.google.com/forum/#!category-topic/gmail/share-and-discuss-with-others/3J3r2JqFNTw

You can run a private PKI at your house or in your organization. You can make up any rules you like for your PKI. For example, you can have a rule that says you will only issue certificates on Wednesday, and a certificate issued on another day is invalid. For a private PKI you don't need to publish Certification Practice Statement. If your rules diverge too much from PKIX and CA/B Forums, then tools like cURL, OpenSSL and Wget and browsers will have a tough time conforming.


Noloader cryptopp-pem - Additional source files which allow you to read and write PEM encoded keys, including encrypted private keys and X.509 certificates. The collection includes a script to build test keys and certificates with OpenSSL, a small C++ test program to test reading and writing the keys and certificates, and a script to verify the keys written by Crypto++ using OpenSSL.

Retrieved from 'https://www.cryptopp.com/w/index.php?title=X509Certificate&oldid=28826'
Coments are closed

Most Viewed Posts

  • Manual Sigil
  • Google Drive File Stream Login
  • Wyvern Discord
  • Top 10 Movies On Prime
  • Amazon Prime Video 30 Day Free Trial

Scroll to top