TLS/SSL certificate format

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
I am attempting to write a simple TLS/SSL implementation (for fun),
and have run into a question I can't find an answer for. I would
appreciate it if someone could help me out.

When the server sends a Server_Certificate message during the
handshake, what format is the certificate in? The rfc just says it's a
x509v3 certificate. When I create a certificate using openssl, I can
do it in pem format, der format, pkcs12 format, etc… None of these
formats appears to be how the certificate is actually sent across the

What am I missing? Does anyone know what format the certificate needs
to be in, how to use opensll to create a certificate in the correct
"across-the-wire" format, and/or any other program that could create
such a certificate?


Re: TLS/SSL certificate format (Epic Wamz) writes:


Quoted text here. Click to load it

It'll be DER.

Site Timeline