I have an ST TPM and the ECC NIST P256 EK certificate is in NV memory handle 0x01c0000a. I can read the nv memory and extract the certificate - it is 1600 bytes, in DER format.

Openssl fails to convert the certificate from der to pem. Is this expected? I wrote a c program in OpenSSL to extract the public key, which seems to work, but I need to verify its correctness. Is there another tool like openssl that I can verify the key in the certificate? Any thoughts, etc?