Search code examples
powershellopensslcertificatepem

Openssl errors in PowerShell when converting certificates

I am currently working on converting CER to PEM.

I am working on building a script to convert multiple certs into a different format using Openssl. I am running PowerShell 7 and Openssl 1.1.1e. When I run my script, I get some Openssl errors, however it does still seem to convert the certificate as I still get a .pem file afterwards. Below are the errors:

Can't open Folder\Path for reading, Permission denied
17956:error:02001005:system library:fopen:Input/output error:..\crypto\bio\bss_file.c:69:fopen('C:\Users\localadmin\Desktop\PowerShell\Testing Environment\Folder\Path','r')
17956:error:2006D002:BIO routines:BIO_new_file:system lib:..\crypto\bio\bss_file.c:78:
unable to load certificate
Can't open Folder\Path for reading, Permission denied
19560:error:02001005:system library:fopen:Input/output error:..\crypto\bio\bss_file.c:69:fopen('C:\Users\localadmin\Desktop\PowerShell\Testing Environment\Folder\Path','r')
19560:error:2006D002:BIO routines:BIO_new_file:system lib:..\crypto\bio\bss_file.c:78:
unable to load certificate
unable to load certificate
17960:error:0909006C:PEM routines:get_name:no start line:..\crypto\pem\pem_lib.c:745:Expecting: TRUSTED CERTIFICATE
unable to load certificate
16568:error:0909006C:PEM routines:get_name:no start line:..\crypto\pem\pem_lib.c:745:Expecting: TRUSTED CERTIFICATE
unable to load certificate
21500:error:0909006C:PEM routines:get_name:no start line:..\crypto\pem\pem_lib.c:745:Expecting: TRUSTED CERTIFICATE
unable to load certificate
15500:error:0909006C:PEM routines:get_name:no start line:..\crypto\pem\pem_lib.c:745:Expecting: TRUSTED CERTIFICATE

I don't have any errors using Openssl to make the CSR or private key. Below is the code I'm using for the conversion:

if($CertType -eq "PEM") {
    Get-ChildItem $ScriptPath\$Kit -Recurse -Force | ForEach-Object {
        $OutFile = $_.FullName.ToString().Replace(".cer",".pem")
        openssl x509 -in $_.FullName -outform PEM -out "$Outfile"}
}
Solution

  • Was able to figure it out. In my code for converting the CER file to PEM, When recursing through my folders I added the line to include only the CER files and not the Key files in there as well. Below is the edited code.

    if($CertType -eq "PEM") {
    Get-ChildItem $ScriptPath\$Kit -Recurse -include "*.cer" | ForEach-Object {
        $OutFile = $_.FullName.ToString().Replace(".cer",".pem")
        openssl x509 -in $_.FullName -outform PEM -out "$Outfile"}
}