Extract certificates from P7B

P7B extract to certificatesThis will be quick tutorial about how to convert P7B to certificate. Actually we will extract certificates from PKCS #7 file using OpenSSL.
Here I have to mention one issue which is really often met and it is with the beginning and the end of the certificate provided. It depends on the OpenSSL version, but for now if the beginning and the end of the certificate are like:
—–BEGIN PKCS #7 SIGNED DATA—-
and
—–END PKCS #7 SIGNED DATA—–
will lead to the following error when you try to extract the SSL certificates:
error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:644:Expecting: PKCS7 .
Let’s examine P7B certificate to see how to avoid such error.

 

Your certificate could be much longer as digits, but I put […] to shorten the listing on mine. Anyway if your certificate has the same beginning and end, you should change it to:

I have changed:
—–BEGIN PKCS #7 SIGNED DATA—-
and
—–END PKCS #7 SIGNED DATA—–
to
—–BEGIN PKCS7—–
and
—–END PKCS7—–
in order to accommodate the OpenSSL “Expecting: PKCS7

Now we can run the OpenSSL command which will extract PKCS7 certificates from the P7B file .
Note: this command works for both Linux and Windows machines with installed OpenSSL.

The output which prints the stored in the p7b file certificates will be similar to this one:

All this certificates will be stored into the pem.cer file as per the example. The first one is the certificate itself and the following two are CAs signing the certificate.

Another useful option is if you want to merge SSL certificate and key into PFX file

Tags

Filed Under: InternetSecurityServer Administration UtilitiesServer ManagementSSLTutorialsWeb servers

Anthony Gee About the Author: Anthony G. is an IT specialist with more than 9 years of solid working experience in the Web Hosting industry. Currently works as server support administrator, involved in consultative discussions about Web Hosting and server administration. One of the first writers in the Onlinehowto.net website, now writing for Free Tutorials community - he is publishing tutorials and articles for the wide public, as well as specific technical solutions.

Comments (3)

  1. William Law says:

    When dealing with DER-encoded PKCS7 certs, add “-inform DER” otherwise it tries to interpret it as PEM-encoded and comes up with the same errors.

  2. Eduardo Mozart de Oliveira says:

    Thank you! Saved my life! :)

Leave a Reply