read content of base64 encoded certificate

Question

I am having some troubles reading a base64 encoded SSL certificate. What I have is a base64 encoded string without "----BEGIN CERTIFICATE----" and "----END CERTIFICATE----". I am trying to read it with multiple ways but it failed to me

I tried to read the cert via cmd

openssl x509 -in cdg_cert -text -noout 

and getting :PEM routines:CRYPTO_internal:no start Expecting: TRUSTED CERTIFICATE error

I also tried to decode the string and save it on my disk which ends up with a binary file and still couldn't read it via openssl cmd which ends up with same error

Googling around and haven't found any good hints, can anyone please help me on the cmd I should use? I am running a macbook and trying to read the cert content

Answer 1

I had the same issue

unable to load certificate
459600:error:0909006C:PEM routines:get_name:no start line:../openssl-1.1.1a/crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE

, and after struggling a lot, just trying to use a text editor and wrapped the header/footer around the base64 encoded part:

-----BEGIN CERTIFICATE-----
...(cert content goes here)...
-----END CERTIFICATE-----

Afterwards, I was able to read the cert using:

"c:\Program Files\Git\mingw64\bin\openssl" x509 -text -noout  -in IdP_Signing_Certificate.crt

As already mentioned in comments, you should know which header you need to place, as it's part of the PEM definition. The Strings within the header are defined here, and depend on the content provided in the cert, which is the unknown piece added to PEM:

https://github.com/openssl/openssl/blob/master/include/openssl/pem.h

In short: PEM is just the base64 DER output + header/footer.