I am a little confused about the differences between cert, pfx and intermediate certificates files, could anyone explains them to me.
thanks.
Related
I newer to configure SSL setup
I have .crt file and
CA signed files
Root CA Certificate
Intermediate CA Certificate
Intermediate CA Certificate
Your PositiveSSL Certificate
How should I create .jks file from the above files.I checked alot but didn't work for me
Can anyone help me out
or
I need to configure tomcat with ssl is there any other way to configure without .jks file please let me know
I created a Let's Encrypt certificate using SSLforFREE. It works great in the browser, but generates an "unknown certificate" error when used with an Alexa skill. Manually uploading the certificate to the Alexa service works, but it will not work as a "trusted" certificate.
Has anyone successfully used one of these as a "trusted" certificate with Alexa?
Oh, here's what you can do:
Download the contents of your fullchain.pem cert, from /etc/letsencrypt/live/<domain>/fullchain.pem on your server
On your skill config page, select the "SSL" Tab.
Mark "I will upload a self-signed certificate in X.509 format."
Paste the contents of your fullchain.pem file.
It worked for me. Not sure if chain or cert would be enough.
Dont use sslforfree. Use Letsencrypt fullchain certificates directly
Though certificates from https://www.sslforfree.com/ utilizes letsencrypt certificate chain, amazon finds an issue while tracing to a trusted certificate authority.
This is another discussion on missing certificate chains.
The solution that will work is, Use LetsEncrypt certificates directly with chained certificates to a trusted CA certificate.
For this, use certbot in order to generate LetsEncrypt certificate on your Server and follow the steps in #aldrinleal answer.
Could someone explain, how are all certificates built?
There are many files that are generated while getting a certificate (.csr .key .cert .pem).
What each file contain?
From what I already got .key file is a file with private key.
From that .key is generated .csr, which can be send to CA.
However webhosting providers each ask for different set of files (or name it randomly?). How to distinguish which file is which?
For example .pem and .cert files, each start with -----BEGIN CERTIFICATE----- which is confusing (at last for me).
Any kind soul would care to explain how it all works?
PEM is an encoding that is also used as extension. All files that start with -----BEGIN CERTIFICATE----- are PEM encoded. Even the .key. That said, a .pem file could be a key, a certificate, a chain certificate, etc. You should name it well to know what it is.
All .crt and .cert extensions mean the file is a certificate. The Certificate Authority chooses which extension they will send the file.
The .csr is also PEM encoded, but it is a Certicate Signing Request. It is created when you generate your .key file. With it you can ask for a CA to issue a certificate for you.
---Edit---
Based on your comment, you have received three files from letsencrypt: cert.pem, chain.pem and fullchain.pem. You also might have a privkey.pem.
To configure your certificate you can bother using just the privkey.pem and fullchain.pem which is just a concatenation of cert.pem and fullchain.pem. You need to setup those files in your web server, each web server is different and you might look for their specific instructions.
I bought a certificate from a CA and I don't know much about certificates. I need a PEM format certificate to use in dovecot. It could be a fool question as I don't know much about certificates. I got three files from the CA : .ca-bundle .crt .p7b I need both public and private keys
You can use this tool or the OpenSSL commands available in the same page to convert the certificate into PEM.
I'm honestly quite surprised about the files you received. Generally, the CAs already sends you the PEM encoded certificates.
The .ca-bundle and .crt are likely to be the intermediate chain and the server certificate. The .p7b is in general a bundle of both intermediate and server into a single file, if that's the case you can ignore it and use the bundle and crt files.
As for the key, you should have it as the key is used to sign the CSR you provided the CA.
You may also want to check your CA documentation to better understand the content of each these files.
While I know nothing about SSL or installing SSL Certificates, I'm sure one of the many results Google will give me for CentOS, SSL certs and Apache would help.
However, the certificate files which have been provided for this project are a .pfx file, .cer (the certificate) file and a .txt (apparently a certificate request) file, none of which are mentioned in the articles I'm finding.. they all talk of .crt and .key files.
Is there a particular way I should be converting these files, presumably via openssl, into something I can use in Apache?
.pfx files tend to be PKCS#12 files (which will contain the private key, the certificate and possibly the issuer certificate chain). They're sometimes called .p12. OpenSSL can extract private key and certificate from PKCS#12 files (via its openssl pkcs12 command), you should be able to find documentation to do this, via Google or other questions on SO.