On Thu, May 21, 2020 at 06:53:39PM -0400, paul h. roubekas wrote:
> I have a requirement to convert all certs in a *.p12 file to a *.der file
> for use in the curl command.
Perhaps I can crystalise some of the replies for you. The basic issue
is that **DER is not a file format**, rather:
* DER is binary encoding for a single data structure (object, a.k.a.
PDU or Protocol Data Unit), generally used only for objects with a
standardised ASN.1 schema.
One can of course write a DER serialied data structure to a file,
transmit it in network packet, ...
But, what one can't do (in contrast with PEM) is just concatenate
multiple DER objects together to get a meaningful multi-object store.
For that, you need a standardised container structure that can be
written in DER form, that *internally* holds multiple objects.
Ideally, something less bletcherous than PKCS#12 (inflicted on humanity
by some sadistic deity as punishment for ancestral sins).
--
Viktor.
