Convert a PEM-formatted String to a java.security.cert.X509Certificate

Decode the Base64 to binary, with some InputStream reading it, then try

CertificateFactory cf = CertificateFactory.getInstance("X.509");Certificate cert = cf.generateCertificate(is);

I have a similar problem, I'm pasting also here the java code that worked for me in case anyone neaded it :

import java.util.Base64;public static X509Certificate parseCertificate(String _headerName, HttpServletRequest _request) throws CertificateException {    String certStr = _request.getHeader("x-clientcert");    //before decoding we need to get rod off the prefix and suffix    byte [] decoded = Base64.getDecoder().decode(certStr.replaceAll(X509Factory.BEGIN_CERT, "").replaceAll(X509Factory.END_CERT, ""));    return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(decoded));}

The steps in conversion of PEM formatted String is opposite of how (x509 -> String) took place.

Sample PEM Formatted String :

-----BEGIN CERTIFICATE-----MIIEczCCA1ugAwIBAgIBADANBgkqhkiG9w0BAQQFAD..AkGA1UEBhMCR0IxEzARBgNVBAgTClNvbWUtU3RhdGUxFDASBgNVBAoTC0..0EgTHRkMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcn..XRpb24gQXV0aG9yaXR5MRQwEgYDVQQDEwtCZXN0IENBIEx0ZDAeFw0wMD..TUwMTZaFw0wMTAyMDQxOTUwMTZaMIGHMQswCQYDVQQGEwJHQjETMBEGA1..29tZS1TdGF0ZTEUMBIGA1UEChMLQmVzdCBDQSBMdGQxNzA1BgNVBAsTLk..DEgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFD..AMTC0Jlc3QgQ0EgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCg..Tz2mr7SZiAMfQyuvBjM9OiJjRazXBZ1BjP5CE/Wm/Rr500PRK+Lh9x5eJ../ANBE0sTK0ZsDGMak2m1g7oruI3dY3VHqIxFTz0Ta1d+NAjwnLe4nOb7/..k05ShhBrJGBKKxb8n104o/5p8HAsZPdzbFMIyNjJzBM2o5y5A13wiLitE..fyYkQzaxCw0AwzlkVHiIyCuaF4wj571pSzkv6sv+4IDMbT/XpCo8L6wTa..sh+etLD6FtTjYbbrvZ8RQM1tlKdoMHg2qxraAV++HNBYmNWs0duEdjUbJ..XI9TtnS4o1Ckj7POfljiQIDAQABo4HnMIHkMB0GA1UdDgQWBBQ8urMCRL..5AkIp9NJHJw5TCBtAYDVR0jBIGsMIGpgBQ8urMCRLYYMHUKU5AkIp9NJH..aSBijCBhzELMAkGA1UEBhMCR0IxEzARBgNVBAgTClNvbWUtU3RhdGUxFD..AoTC0Jlc3QgQ0EgTHRkMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcm..ENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRQwEgYDVQQDEwtCZXN0IENBIE..DAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBAUAA4IBAQC1uYBcsSncwA..DCsQer772C2ucpXxQUE/C0pWWm6gDkwd5D0DSMDJRqV/weoZ4wC6B73f5..bLhGYHaXJeSD6KrXcoOwLdSaGmJYslLKZB3ZIDEp0wYTGhgteb6JFiTtn..sf2xdrYfPCiIB7gBMAV7Gzdc4VspS6ljrAhbiiawdBiQlQmsBeFz9JkF4..b3l8BoGN+qMa56YIt8una2gY4l2O//on88r5IWJlm1L0oA8e4fR2yrBHX..adsGeFKkyNrwGi/7vQMfXdGsRrXNGRGnX+vWDZ3/zWI0joDtCkNnqEpVn..HoX-----END CERTIFICATE-----

Here are the steps :

1. Remove headers from PEM formatted StringHeaders are : ---- BEGIN CERTIFICATE ----- and ----- END CERTIFICATE ------2. Decode the rest of the part using Base64 to byte array3. Then you can use CertificateFactory to convert byte stream to x509Certificate object

Sample Code to do above (with PEM Writer):

  /**     * Converts a PEM formatted String to a {@link X509Certificate} instance.     *     * @param pem PEM formatted String     * @return a X509Certificate instance     * @throws CertificateException      * @throws IOException     */    public X509Certificate convertToX509Certificate(String pem) throws CertificateException, IOException {        X509Certificate cert = null;        StringReader reader = new StringReader(pem);        PEMReader pr = new PEMReader(reader);        cert = (X509Certificate)pr.readObject();        return cert;    }