Extracting the certificate chain from a PKCS#7 container

Support

Support for business applications

Kaspersky Secure Mail Gateway

Managing the cluster

Managing the SSL certificate of the cluster node

Extracting the certificate chain from a PKCS#7 container

26 April 2024

ID 239056

After processing the Certificate Signing Request, the certification authority may provide a certificate chain in the PKCS#7 format (file with the P7B extension). The chain includes the website certificate signed at your request as well as certificates of intermediate certificate authorities.

The PKCS#7 certificate file can be provided in two encodings:

DER encoded
Base64 encoded (PEM encoding)

To use the certificates, you must extract them from the container to get a PEM-encoded file. You can use the openssl utility to convert the certificate.

To convert the DER encoded PKCS#7 file, use the following command:

openssl pkcs7 -in source.p7b -inform DER -print_certs -out cert.pem

To convert a PEM encoded PKCS#7 file, use the following command:

openssl pkcs7 -in source.p7b -inform PEM -print_certs -out cert.pem

You can use the obtained cert.pem file to replace the web interface certificate.

Kaspersky Endpoint Security for Business Advanced: Adaptive security of your company

Web and device controls. Data encryption. Centralized and convenient management from a single console.

Kaspersky Premium Support (MSA): High‑priority incident processing

Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.