[stunnel-users] EXTERNAL: Which X.509 certificate types (.crt, .pem, .der .p7c) possible for stunnel and how to import them?

Bucci, David G david.g.bucci at lmco.com
Fri Oct 18 17:22:03 CEST 2013

PEM - http://www.stunnel.org/static/stunnel.html, search for "cert =",  documented in the service options section.

You need OpenSSL on the box to use Stunnel - and OpenSSL has everything you need to convert certificates between formats/containerization as needed to get your cert into PEM format.  E.g., if they give you a DER-formatted certificate named "file.cer", run:

    openssl x509 -in file.cer -inform der -outform pem -out file.pem

This link has more info on telling if your provider gave you a DER or PEM formatted cert:  https://support.ssl.com/Knowledgebase/Article/View/19/0/der-vs-crt-vs-cer-vs-pem-certificates-and-how-to-convert-them

It also has conversion commands to use.

If your provider gave you a .pfx file, then it's a pkcs#12 container, having a cert, key, and possibly CA chain in it.  This link has info on exporting your certificate from such a file:  http://www.sslshopper.com/article-most-common-openssl-commands.html

P7c (pkcs#7) you're unlikely to see. Used for CA chains. Actually, maybe you will - yell if so, or research.

-----Original Message-----
From: stunnel-users [mailto:stunnel-users-bounces at stunnel.org] On Behalf Of Ben Stover
Sent: Friday, October 18, 2013 3:21 AM
To: Stunnel Users
Subject: EXTERNAL: [stunnel-users] Which X.509 certificate types (.crt, .pem, .der .p7c) possible for stunnel and how to import them?

Which X.509 certificate types (e.g.  .crt, .pem, .der .p7c) are possible for stunnel?

Assume I have got such a certificate as separate file (and not retrieved by OpenSSL).

How do I import it into stunnel?

Do I have to just copy it into (which ?) directory?

Does the certifcate file name have to have a certain pattern?
Or is stunnel smart enough to read and analyze the content independently from filename?

Thank you

stunnel-users mailing list
stunnel-users at stunnel.org

More information about the stunnel-users mailing list