OpenSSL Hint for today

You find yourself trying to look at a certificate with OpenSSL (I’m using the Cygwin version of openssl on Windows 7):

$ openssl.exe x509 -in certificate.crt -text
unable to load certificate
2675716:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: TRUSTED CERTIFICATE

OpenSSL error messages are so cryptic. I tried looking at the code to deduce what it meant, and even that didn’t go so well.

The error message shown above doesn’t really have much to do with “trust”. The “no start line” part means OpenSSL did not find the -----BEGIN ...----- line that opens a PEM block, so it most likely means that your certificate is not in PEM format. The most common other format that certificates can be in is DER. If you want to view a certificate that is in DER format, you would do this:

$ openssl.exe x509 -inform DER -in certificate.crt -text

The -inform argument allows you to specify what format the certificate you are trying to examine is in. The -text argument says “display it on screen” in human-readable form, and the -in argument specifies the certificate file name.

If you wanted to convert that certificate from DER to PEM, you would say:

$ openssl.exe x509 -inform DER -outform PEM -out ./PEMcert.crt -in DERcert.crt

-outform PEM says the output format should be PEM, and the -out argument specifies the filename to give the converted certificate.
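As an added example (not from the original post), the shell functions below pick the right -inform value before calling x509, by checking for a PEM start line and otherwise for the 0x30 byte that opens a DER-encoded certificate. The names cert_format and view_cert are hypothetical, and openssl is assumed to be on the PATH (openssl.exe under Cygwin, as above).

```shell
# Added example: guess whether a certificate file is PEM or DER.
# cert_format and view_cert are hypothetical helper names, not OpenSSL commands.

cert_format() {
    f=$1
    if [ ! -r "$f" ]; then
        echo unreadable
        return 2
    fi
    # PEM is text: look for the start line OpenSSL complained about.
    # Matches CERTIFICATE, TRUSTED CERTIFICATE and X509 CERTIFICATE labels,
    # but not CERTIFICATE REQUEST (a CSR, which x509 cannot read).
    if grep -q -a -e '^-----BEGIN [A-Z0-9 ]*CERTIFICATE-----' "$f"; then
        echo PEM
        return 0
    fi
    # DER is binary ASN.1: a certificate is a SEQUENCE, so byte 0 is 0x30.
    first=$(od -An -tx1 -N1 "$f" | tr -d ' \n')
    if [ "$first" = "30" ]; then
        echo DER
        return 0
    fi
    echo unknown
    return 1
}

# Print the certificate in text form, using the detected input format.
# usage: view_cert certificate.crt
view_cert() {
    fmt=$(cert_format "$1") || {
        echo "not a PEM or DER certificate: $1" >&2
        return 1
    }
    openssl x509 -inform "$fmt" -in "$1" -noout -text
}
```

The 0x30 check is only a heuristic: other DER structures, such as keys or PKCS#12 bundles, also begin with a SEQUENCE, and openssl will report its own error for those.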

 

 
