How to convert binary P10 formatted CSR to Base64 format needed for CAcert's web

There are resources (e.g. Kleopatra) that generate a certificate signing request (CSR) in binary format P10 as a file with the .p10 extension. However, the CAcert site requires Base64 encoded CSR notation. This article discusses how to convert a P10 binary format necessary to obtain a client or server certificate from CAcert.

P10 CSR display

The generated client certificate request can look like this:

Binary CSR

Suppose that the CSR is stored in a binary file named CSR.p10 after it has been generated. In order to submit it to CAcert to create a certificate, it must be converted to character format by Base64 encoding and supplemented by the bounding description lines BEGIN and END.

The conversion process

There are online converters from binary to Base64 on the Internet, such as this (the search text is Base64, if you search them). The online converter must give the possibility to upload your binary CSR file for conversion. After converting to Base64 encoding, you can either copy-paste the result through the clipboard (Ctrl-C - Ctrl-V), or download it as a file.

Note: The file sent to the converter contains your public key and the information about you that you have stored in it, i.e. the data you wish to publish anyway. So don't be afraid to send the file; in the case of CAcert, it is sufficient that only your e-mail address plus general information such as country code, city, etc. are in the CSR.

The obtained file will look like this:

CSR encoded into ASCII characters using the Base64 method

The bounding lines need to be added. Add the line
to the very beginning of the file and
to the end of file.

The contents of the file will now look like this:

CSR encoded into ASCII characters using the Base64 method, with the bounded lines

Submit CSR to CAcert to create a certificate

Log in to CAcert and choose New (client or server) certificate from the menu. In the case of a client certificate, check Show advanced options on the next page. Among other things, a field Optional Client Request ... will appear, where you can Copy and Paste (Ctrl-C - Ctrl-V) the contents of the file, including the bounding lines. Fill in other certificate parameters you require (your name & e-mail if client cert, computer/host name if server cert), agree to the CAcert Community Agreement and continue with the Next button. The certificate will then be issued immediately, because the key of the appropriate length is already a part of the CSR and its length can no longer be changed.

The next procedure (installation of the certificate into the browser, its download, backup, etc.) is completely identical with other manuals, for example Windows here, where is also a picture of the new client certificate page with advanced options displayed.