Create X509 certificate and save as Base-64

base64certificatessl-certificatex509certificate

I have been following a guide that covers signing authorization tokens for Web API security. One of the aspects was storing the X509 certificate as a Base-64 string in the web.config. However, the steps necessary on how to get a X509 certificate and convert it into a Base-64 string were not explained. I found some guides on how to generate an X509 certificate using OpenSSL however I remain confused on which parts to use and how to convert to Base-64. Here is what I want to end up with.

  1. A Base-64 representation of the certificate that I can store in the web.config
  2. A password that goes along with the certificate

The code I want to use in my authentication server is ..

SigningCertificate = new X509Certificate2(certificate, password);

Where certificate is a Base 64 encoded representation of the certificate and password is the signing certificate password.

So with the OpenSSL tool I am able to generate two files …

  • Cert file – MyCert.pem
  • Key file – MyKey.pem

Question #1 – Do I only need to use the MyCert.pem file when converting to Base-64? Or do both files need to combined both files as a single PFX file before representing as Base-64?

Question #2 – Is there a utility that I can use that accepts a file and then exports a Base-64 string?

Best Answer

Question #1 - Do I only need to use the MyCert.pem file when converting to Base-64? Or do both files need to combined both files as a single PFX file before representing as Base-64?

The PEM file format is encoded in base64. It can be applied to private keys, certificates or also certificate signing requests. The files have a header/foot to distinguish them starting with ----BEGIN PRIVATE KEY---- or ----BEGIN CERTIFICATE----

A PFX is a container for private keys and certificates protected with a password. You need to include your both PEM files. A PFX is encoded in pkcs#12 format( binary).

Concatenate the cert with the key file and then have OpenSSL convert it to PKCS#12 (PFX)

cat MyKey.pem MyCert.pem > cert.pem
openssl pkcs12 -export -in cert.pem -out mykeystore.p12 -name myalias
#Enter Export Password:

If you are using this service ( I have searched in google), you will need the pkcs12 file and the assigned password

Question #2 - Is there a utility that I can use that accepts a file and then exports a Base-64 string?

I normally use a texteditor like Notepad++ with the MIME plugin. Alternatively, all programming languages have a method to convert an array of bytes to Base64 if you need to do it programmatically.

Related Topic