This question already has answers here:
How to get .pem file from .key and .crt files?
(12 answers)
Difference between pem, crt, key files
(3 answers)
Closed 6 months ago.
I used https://www.sslforfree.com/ to generate a 90 days certificate, and downloaded a zip file which contains 3 files.
ca_bundle.crt
certificate.crt
private.key
but I'm using haproxy and I need a .pem file. how should convert these 3 files into a .pem file and use it inside haproxy config ?
Related
I want to be able to send certificates in my API requests.
Please see - Add certificate on request with RestSharp
As shown in that post. I need to convert .crt and .key to .pfx , however my current certificates are .pem, so I thought I will need to convert them into .crt and .key first and then use the openssl comand used in that post to convert them into .pfx and then carry on with the rest of the solution.
My certificates are -
CRT file -
C:\Users\JohnSmith\Downloads\certsh\client-crt.pem
Key file -
C:\Users\JohnSmith\Downloads\certsh\client-key.pem
I was able to convert the Key file to a .key , but when trying to convert the CRT file I am getting this error.
unable to load certificate 13668:error:0906D06C:PEM routines:PEM_read_bio:no start line:.\crypto\pem\pem_lib.c:697:Expecting: TRUSTED CERTIFICATE error in x509
I am using this command to try and convert the .pem to .crt
x509 -outform der -in client-csr.pem -out client.crt
The extension .pem indicates that the format of the file is PEM (Privacy-Enhanced Mail) (RFC 7468). The content of the file may be a certificate, a private key, a public key, or something else. If you open a PEM file with a text editor, your will see -----BEGIN ?????----- at the top.
The extension .crt implies that the content of the file is a certificate. However, the extension does not tell anything about the file format. The format may be PEM, DER (Distinguished Encoding Rules) (X.690), or something else. If the file contains -----BEGIN CERTIFICATE-----, the format is PEM. On the other hand, if the file contains binary data, it is likely that the format is DER.
The extension .key implies that the content of the file is a private key. However, the extension does not tell anything about the file format. The format may be PEM, DER, or something else. If the file contains -----BEGIN PRIVATE KEY-----, the format is PEM. On the other hand, if the file contains binary data, it is likely that the format is DER.
The string csr, which is a part of the file name client-csr.pem, implies that the content of the file is CSR (Certificate Signing Request). Note that CSR is NOT a certificate. It seems you are trying to convert the file format of client-csr.pem from PEM to DER, but the CSR will never become a certificate by converting the file format. What you should give to the openssl command is not client-csr.pem but client-crt.pem, I think.
Understanding relationship among ASN.1 (X.680), DER (X.690), BASE64 (RFC 4648) and PEM (RFC 7468) will improve the quality of your questions and help you avoid wasting time. I hope that diagrams below excerpted from "Illustrated X.509 Certificate" can help you.
This question already has answers here:
How to get .pem file from .key and .crt files?
(12 answers)
Closed 4 years ago.
I downloaded the files from a ssl purchase and got from it the following files:
ServerCertificate.cer
CACertificate-ROOT-2.cer
CACertificate-INTERMEDIATE-1.cer
PKCS7.p7b
A client requires 2 crt.pem files. One of which needs to come from the ServerCertificate.cer and another from a so called PFC file that should of been provided. Which is aparently a combination of the certificate and the key.
I have tried using:
openssl x509 -inform der -in certificate.cer -out certificate.pem to convert the first file however I get a "Unable to load certificate" error.
What am I doing wrong?
PS Please dont link me to https://www.sslshopper.com/ssl-converter.html, as this isn't working either.
If by PFC you actually mean PFX, then you can convert p7b to pfx (PKCS#7 to PKCS#12) using openssl.
ServerCertificate.cer is most likely PEM. Follow Steffen's comment:
Extensions do not matter. It is likely that your *.cer files are already in PEM format and you just have to rename these if you want a file name of *.pem but not convert. Look at the contents with some editor: if it is binary it is likely DER encoded, if it starts with something like -----BEGIN CERTIFICATE----- it is PEM encoded.
If it is not PEM, then it is binary and openssl can convert it to PEM.
Normally you need two files: the private key (ServerCertificate.key) and the certificate (ServerCertificate.cer). Sometime you also need the root and intermediate certificates depending on who issued your certificate (you don't say).
None of the file that you listed is the private key. This was created as the first step to create the CSR (certificate signing request) that you sent to the ssl vendor. PFX has the option to include the private key in its file format.
If you created the CSR on Windows (IIS) then you don't send anything to the customer, you complete the CSR on the computer that created the CSR. Then you can export the certificate package.
I am config the ssl using Mechanize, according the document I need to set the
agent.cert = 'example.cer'
agent.key='example.cer'
but how can I get these two file? I also find that ssl file has a lot of types, such as .cer .pem .crt .key, what is the relationship between them?
Let's start from PEM files, which are your digital certificates written in form encoded in only basic ASCII characters, they can be easily copy&pasted, e-mailed, printed. More about them:
Working with PEM files
How to get an OpenSSL .pem file from .key and .crt files?
The file with .crt extension is PEM or DER, which is just binary encoded certificate. This extension is recognized by Windows, while PEM or DER aren't.
The file with .key extension is just your private key. It's stored in separate file. Format not standardized.
You will find more information about all these formats in the answer on serverfault: What is a PEM file and how does it differ from other OpenSSL generated key file formats?
Is it possible to install SSL certificate in Centos (6.5) and apache with just a .pem file? I have been told by the client that they do not have a .crt file or a .key file. It is a wildcard certificate that I need to install in one of the subdomain.
Extensions do not matter.
Usually .crt is used for a certificate in PEM format and .key for the matching key. Both are base64 encoded data with a PEM header like "---- BEGIN CERTIFICATE ---" or "----- BEGIN RSA PRIVATE KEY -----".
But you can put both certificate and key together in a single PEM file and use this inside the certificate and key parameters. But, of course, you have to make sure that your *.pem files really contains both certificate and key.
I read this tutorial "http://docs.jboss.org/jbossweb/7.0.x/ssl-howto.html"
and i already have JBoss Server with SSL.
I want to use current cert.
(what i generate by "keytool -genkey -alias tomcat -keyalg RSA")
in Apache 2 (as Front-end for JBoss).
But i don't know how to convert key from keytool in PEM (key and cer files). How do it ?
This question has already been answered. Please check the answers for the same questions:
how to convert CRT to PEM
and or:
How to make PEM from KEY and CRT files