Linux convert cer to crt

Apache с SSL — Как конвертировать CER в сертификаты CRT?

Мне нужно настроить сервер Apache 2 с SSL. У меня есть файл *.key, но мой издатель сертификата предоставил мне файл *.cer. Во всех документах вокруг сети они предназначены для сертификатов *.crt. Пожалуйста, дайте мне знать, это *.cer, как *.crt. Если теперь, как я могу преобразовать формат CER в CRT?

Расширения CER и CRT ничего не значат. Различные поставщики PKI используют разные расширения для одной и той же вещи. Если файл является двоичным, то, вероятно, он закодирован в формате ASN.1 / DER. Если файл читается человеком с ——BEGIN CERTIFICATE—— , то его кодируется PEM. Что у вас есть (DER или PEM) и что вам нужно (DER или PEM)?

10 ответов

Расширения файлов для криптографических сертификатов на самом деле не столь стандартизированы, как вы ожидали. Windows по умолчанию рассматривает двойной щелчок на файле .crt в качестве запроса на импорт сертификата в хранилище корневого хранилища Windows, но рассматривает файл .cer как запрос только для просмотра сертификата. Таким образом, они по-разному в этом смысле, по крайней мере, что Windows имеет какое-то своеобразное значение для того, что происходит, когда вы дважды щелкаете по каждому типу файла.

Но то, как Windows обрабатывает их, когда вы их дважды щелкаете, — это единственное различие между ними. Оба расширения просто представляют, что он содержит общедоступный сертификат. Вы можете переименовать файл или использовать его вместо другого в любом файле системы или конфигурации, который я видел. И на платформах, отличных от Windows (и даже в Windows) люди не особенно осторожны в отношении того, какое расширение они используют, и рассматривают их как взаимозаменяемые, так как нет никакой разницы между ними, если содержимое файла верное.

Сделать вещи более запутанными в том, что есть два стандартных способа хранения данных сертификата в файле: One — это «двоичная» кодировка X.509, а другая — «текстовая» base64-кодировка, которая обычно начинается с » ——BEGIN CERTIFICATE—— «. Они кодируют одни и те же данные, но по-разному. Большинство систем принимают оба формата, но если вам нужно, вы можете конвертировать один в другой через openssl или другие инструменты. Но кодировка в файле сертификата действительно не зависит от того, какое расширение кто-то дал этому файлу.

Если у вас есть конкретные вопросы о трудностях с использованием определенного типа файла с конкретной программой, лучше было бы написать отдельный вопрос, описывающий, какой у вас файл и что ожидает ваше приложение.

Читайте также:  Xerox 3345 драйвер линукс

Источник

How to Convert an Ssl Certificate in Linux

Converting certificates between cer/pem/crt/der/pfx/p12 can be done in Linux with the use of OpenSSL tool via the terminal.

These commands allow you to convert certificates and keys to different formats to make them compatible with specific types of servers or software.

Convert a DER file (.crt .cer .der) to PEM

openssl x509 -inform der -in certificate.cer -out certificate.pem

Convert a PEM file to DER

openssl x509 -outform der -in certificate.pem -out certificate.der

Convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM

openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes

You can add -nocerts to only output the private key or add -nokeys to only output the certificates.

Convert a PEM certificate file and a private key to PKCS#12 (.pfx .p12)

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt

Do I need to convert .CER to .CRT for Apache SSL certificates? If so, how?

File extensions for cryptographic certificates aren’t really as standardized as you’d expect. Windows by default treats double-clicking a .crt file as a request to import the certificate into the Windows Root Certificate store, but treats a .cer file as a request just to view the certificate. So, they’re different in the sense that Windows has some inherent different meaning for what happens when you double click each type of file.

But the way that Windows handles them when you double-click them is about the only difference between the two. Both extensions just represent that it contains a public certificate. You can rename a certificate file to use one extension in place of the other in any system or configuration file that I’ve seen. And on non-Windows platforms (and even on Windows), people aren’t particularly careful about which extension they use, and treat them both interchangeably, as there’s no difference between them as long as the contents of the file are correct.

Making things more confusing is that there are two standard ways of storing certificate data in a file: One is a «binary» X.509 encoding, and the other is a «text» base64 encoding that usually starts with » ——BEGIN CERTIFICATE—— «. These encode the same data but in different ways. Most systems accept both formats, but, if you need to, you can convert one to the other via openssl or other tools. The encoding within a certificate file is really independent of which extension somebody gave the file.

Convert .pem to .crt and .key

I was able to convert pem to crt using this:

openssl x509 -outform der -in your-cert.pem -out your-cert.crt

How to get .pem file from .key and .crt files?

Your keys may already be in PEM format, but just named with .crt or .key.

Читайте также:  Openvpn site to site linux

If the file’s content begins with ——BEGIN and you can read it in a text editor:

The file uses base64, which is readable in ASCII, not binary format. The certificate is already in PEM format. Just change the extension to .pem.

If the file is in binary:

For the server.crt, you would use

openssl x509 -inform DER -outform PEM -in server.crt -out server.crt.pem

For server.key, use openssl rsa in place of openssl x509 .

The server.key is likely your private key, and the .crt file is the returned, signed, x509 certificate.

If this is for a Web server and you cannot specify loading a separate private and public key:

You may need to concatenate the two files. For this use:

cat server.crt server.key > server.includesprivatekey.pem

I would recommend naming files with «includesprivatekey» to help you manage the permissions you keep with this file.

How to generate a self-signed SSL certificate using OpenSSL?

You can do that in one command:

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 365

You can also add -nodes (short for «no DES») if you don’t want to protect your private key with a passphrase. Otherwise it will prompt you for «at least a 4 character» password.

The days parameter (365) you can replace with any number to affect the expiration date. It will then prompt you for things like «Country Name», but you can just hit Enter and accept the defaults.

Add -subj ‘/CN=localhost’ to suppress questions about the contents of the certificate (replace localhost with your desired domain).

Self-signed certificates are not validated with any third party unless you import them to the browsers previously. If you need more security, you should use a certificate signed by a certificate authority (CA).

How to convert a long date to short date from SSL certificates | Unix KSH

The openssl command will make the NotBeforeDate variable to have the value (at least in the bash version I’m using):

notBefore=Oct 31 00:00:00 2013 GMT

So, first we need to remove the notBefore= part:

Then you can use the date command:

The —date option tells the command to use the dateStr value, —utc tells that the date is in UTC (as specified by GMT part) and +»%m-%d-%Y» formats the date to the desired format.

PS: the options can vary according to your Linux version.

You can check all the available ones with date —help or man date .

For example, the long options —date and —utc might not be available, but the equivalent short versions might be (just an example, I’m not sure if date command has such variations between different unix versions):

Unfortunately I don’t have the exact same environment you’re using (ksh in unix), but that should work.

The -d options seems to be GNU specific, so if it’s not available, you’ll have to manually parse the string. Assuming that dateStr has the value Oct 31 00:00:00 2013 GMT , you can run:

Читайте также:  Install touch screen linux

How can I convert a PFX certificate file for use with Apache on a linux server?

With OpenSSL you can convert pfx to Apache compatible format with next commands:

openssl pkcs12 -in domain.pfx -clcerts -nokeys -out domain.cer
openssl pkcs12 -in domain.pfx -nocerts -nodes -out domain.key

First command extracts public key to domain.cer .

Second command extracts private key to domain.key .

Update your Apache configuration file with:

 
.
SSLEngine on
SSLCertificateFile /path/to/domain.cer
SSLCertificateKeyFile /path/to/domain.key
.

Источник

Do I need to convert .CER to .CRT for Apache SSL certificates? If so, how?

I need to setup an Apache 2 server with SSL. I have my *.key file, but all the documentation I’ve found online, *.crt files are specified, and my CA only provided me with a *.cer file. Are *.cer files the same as *.crt? If not, how can I convert CER to CRT format?

CER and CRT extensions mean nothing. Different PKI vendors use different extensions for the same thing. If the file is binary, then its probably ASN.1/DER encoded. If the file is human readable with ——BEGIN CERTIFICATE—— , then its PEM encoded. What do you have (DER or PEM), and what do you need (DER or PEM)?

11 Answers 11

File extensions for cryptographic certificates aren’t really as standardized as you’d expect. Windows by default treats double-clicking a .crt file as a request to import the certificate into the Windows Root Certificate store, but treats a .cer file as a request just to view the certificate. So, they’re different in the sense that Windows has some inherent different meaning for what happens when you double click each type of file.

But the way that Windows handles them when you double-click them is about the only difference between the two. Both extensions just represent that it contains a public certificate. You can rename a certificate file to use one extension in place of the other in any system or configuration file that I’ve seen. And on non-Windows platforms (and even on Windows), people aren’t particularly careful about which extension they use, and treat them both interchangeably, as there’s no difference between them as long as the contents of the file are correct.

Making things more confusing is that there are two standard ways of storing certificate data in a file: One is a «binary» X.509 encoding, and the other is a «text» base64 encoding that usually starts with » ——BEGIN CERTIFICATE—— «. These encode the same data but in different ways. Most systems accept both formats, but, if you need to, you can convert one to the other via openssl or other tools. The encoding within a certificate file is really independent of which extension somebody gave the file.

Источник

Оцените статью
Adblock
detector