linux - OpenSSL encoding errors while converting cer to pem

Question

I`m trying to convert the .cer file to .pem through openssl, the command is:

openssl x509 -inform der -in certnew.cer -out ymcert.pem

and that's the errors I`m getting:

unable to load certificate
140735105180124:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1319:
140735105180124:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:381:Type=X509

What am I doing wrong?

Answer 1

To expand on existing answer, like explained by ssl.com, a .cer file can be either in der or pem encoding. If it is in der encoding, you'll need to do conversion like you have done, but if it is already in pem encoding, no conversion is necessary and you get the error you've got if you try - and you can just rename the file.

If you're unsure, it is good to know that .der is a binary format, whereas .pem is ascii one. If you echo the contents of your certificate out, a .pem file would look something like this:

-----BEGIN CERTIFICATE-----
MIIEuTCCA6G[snip lots of chars]
XmCpajQ==
-----END CERTIFICATE-----

And a .der file would look like this:

0??0???@*?H?????0
0??1
    0   UUS10U
VeriSign, Inc.10U
                 VeriSign Trust Network1:08U