Extract all certificate chain from DER-encoded .p7b file
Export all certificates into one file
$ base64 -d <P7B_FILE>.p7b | openssl pkcs7 -inform DER -print_certs -out <PEM_FILE>.pem
We’ll get three certificates inside <PEM_FILE>.pem
file, from top to bottom:\
- Certificate for the route in PEM format
- CA certificate chain for the route validation in PEM format
- Root CA certificate in PEM format
Validate key - certificate pair with following commands
$ openssl pkey -in <PRIVATE>.key -pubout -outform pem | sha256sum
Example output: bb912b1c6614a0462556b2826b7dce6083a9b58049008a656706234d45abd4c6
$ openssl x509 -in <ROOT_CA>.cer -pubkey -noout -outform pem | sha256sum
Example output: bb912b1c6614a0462556b2826b7dce6083a9b58049008a656706234d45abd4c6