Install .cer certificates debian - ssl

I have to install a certificate on my server, but they only gave me a .cer file. I searched some forums, but I didn't find anything about installing it, only about .crt files...
How could I install it?
Thanks a lot

You must first convert the cer file into a crt file.
openssl x509 -inform DER -in <fullfilepath>/certificate.cer -out certificate.crt
Then to install do the following:
sudo mkdir /usr/local/share/ca-certificates/my-custom-ca
sudo cp certificate.crt /usr/local/share/ca-certificates/my-custom-ca
sudo update-ca-certificates
You can find the full installation procedure here.
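
The conversion above assumes the .cer file is binary DER; a .cer file can also already be Base64 PEM text, in which case `-inform DER` fails. The following added example (not part of the original answer) detects the encoding before converting; the function names `cer_to_pem` and `cert_fingerprint` are hypothetical helpers introduced here.

```shell
#!/bin/sh
# Added example: normalise a .cer file to PEM whatever its encoding is.
# cer_to_pem and cert_fingerprint are illustrative names, not standard tools.

# Usage: cer_to_pem input.cer output.crt
cer_to_pem() {
    in=$1
    out=$2
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$in" 2>/dev/null; then
        # Already PEM: re-emit through openssl so the output holds exactly
        # one clean certificate block and nothing else.
        openssl x509 -inform PEM -in "$in" -out "$out" || return 1
    elif openssl x509 -inform DER -in "$in" -noout 2>/dev/null; then
        # Binary DER: the same conversion as in the answer above.
        openssl x509 -inform DER -in "$in" -out "$out" || return 1
    else
        echo "cer_to_pem: $in is neither a PEM nor a DER X.509 certificate" >&2
        return 1
    fi
}

# Print the SHA-256 fingerprint of a PEM certificate, so the converted file
# can be compared with the fingerprint supplied by whoever issued the .cer.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256
}

# Typical use before copying into /usr/local/share/ca-certificates/:
#   cer_to_pem certificate.cer certificate.crt
#   cert_fingerprint certificate.crt
#   openssl x509 -in certificate.crt -noout -subject -issuer -dates
```

Checking the subject, issuer and fingerprint before running update-ca-certificates matters because every certificate placed in that directory becomes a trusted root for the whole system.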

.cer certificate is a Microsoft specific format. You can try to convert from .cer into .crt before installation following such a guide in the answer provided here: convert_cer_to_crt

Related

openssl command generates an empty .key file from .pfx file

When I try to generate a key from a pfx certificate file, it creates an empty file
openssl pkcs12 -in test.pfx -nocerts -out test.key -nodes
I executed the command in Git Bash on Windows Server 2019. The command seems to run without stopping because I can't type.
Thanks

Certbot - Could not find a suitable TLS CA certificate bundle [Archlinux]

I'm trying to generate a certificate from Let's Encrypt with certbot (package ver. 0.21.1.-1), but I'm getting an error. I'm using the webroot module.
OSError: Could not find a suitable TLS CA certificate bundle, invalid path: /etc/ssl/certs/ca-certificates.crt
I don't have a file with this filename there. Should I generate it or download it?
Maybe /etc/ssl/certs/ca-certificates.crt does not exist.
Try running sudo update-ca-certificates to create it.
I ended up doing cd /etc/ssl/certs followed by cat *.pem >> ca-certificates.crt
Not the most elegant solution and you'll have to delete the file and redo it every time the ca-certificates package (or its dependents) update...
Try running sudo pacman -S ca-certificates to install the core certificates
For me, update-ca-trust did the trick.
It happens because the original ca-certificates.crt file is missing.
In my case, I removed it when adding a new certificate file containing my website.com as a CN (Common Name). Fortunately, I had a backup copy of that file.
If you have that file, just put it again in the directory:
/etc/ssl/certs/ca-certificates.crt
Or try to add a new one with the same name.

How to add Certificate Authority file in CentOS 7

I am trying to add a certificate authority (CA) file named ca.crt to /etc/ssl/certs; for that I followed this article.
I copied my ca.crt file to /etc/pki/ca-trust/source/anchors/ and ran the command below:
update-ca-trust extract
After that I checked /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt file, but I didn't find my CA.
I am not able to figure out what may be the problem.
What am I doing wrong and how can I fix it?
Copy your certificates inside
/etc/pki/ca-trust/source/anchors/
Then run the following command
update-ca-trust
Find the *.pem file and place it in the anchors sub-directory, or simply link the *.pem file there.
yum install -y ca-certificates
update-ca-trust force-enable
sudo ln -s /etc/ssl/your-cert.pem /etc/pki/ca-trust/source/anchors/your-cert.pem
update-ca-trust
Your CA file must have been in a binary X.509 format instead of Base64 encoding; it needs to be a regular DER or PEM in order for it to be added successfully to the list of trusted CAs on your server.
To proceed, place your CA file inside your /usr/share/pki/ca-trust-source/anchors/ directory, then run the command line below (you might need sudo privileges based on your settings):
# CentOS 7, Red Hat 7, Oracle Linux 7
update-ca-trust
Please note that all trust settings available in the /usr/share/pki/ca-trust-source/anchors/ directory are interpreted with a lower priority compared to the ones placed under the /etc/pki/ca-trust/source/anchors/ directory which may be in the extended BEGIN TRUSTED file format.
For Ubuntu and Debian systems, /usr/local/share/ca-certificates/ is the preferred directory for that purpose.
As such, you need to place your CA file within the /usr/local/share/ca-certificates/ directory, then update the list of trusted CAs by running, with sudo privileges where required, the command line below:
update-ca-certificates
QUICK HELP 1: To add a certificate in the simple PEM or DER file formats to the list of CAs trusted on the system:
add it as a new file to directory /etc/pki/ca-trust/source/anchors/
run update-ca-trust extract
QUICK HELP 2: If your certificate is in the extended BEGIN TRUSTED file format (which may contain distrust/blacklist trust flags, or trust flags for usages other than TLS) then:
add it as a new file to directory /etc/pki/ca-trust/source/
run update-ca-trust extract
For more detailed information, see man update-ca-trust
Maybe late to the party but in my case it was RHEL 6.8:
Copy certificate.crt issued by hosting to:
/etc/pki/ca-trust/source/anchors/
Then:
update-ca-trust force-enable (ignore not found warnings)
update-ca-trust extract
Hope it helps
The complete instructions are as follows:
Extract Private Key from PFX
openssl pkcs12 -in myfile.pfx -nocerts -out private-key.pem -nodes
Extract Certificate from PFX
openssl pkcs12 -in myfile.pfx -nokeys -out certificate.pem
Install certificate
yum install -y ca-certificates
cp your-cert.pem /etc/pki/ca-trust/source/anchors/your-cert.pem
update-ca-trust
update-ca-trust force-enable
Hope to be useful
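
The question above checks by eye whether the CA reached /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt. The following added example (not from any of the answers) does that check by SHA-256 fingerprint instead; `bundle_contains` is a hypothetical helper name, and the certificate argument is assumed to be PEM.

```shell
#!/bin/sh
# Added example: test whether a PEM certificate is present in a CA bundle by
# comparing SHA-256 fingerprints. bundle_contains is an illustrative name.
# Usage: bundle_contains ca.crt /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
# Returns 0 if found, 1 if absent, 2 if the certificate cannot be parsed.
bundle_contains() {
    cert=$1
    bundle=$2
    want=$(openssl x509 -in "$cert" -noout -fingerprint -sha256 2>/dev/null) || return 2
    block=
    while IFS= read -r line; do
        case $line in
            "-----BEGIN "*"CERTIFICATE-----")
                # Start of a plain or "TRUSTED" certificate block.
                block=$line
                ;;
            "-----END "*"CERTIFICATE-----")
                block="$block
$line"
                # Fingerprint this block; an unparsable block yields "".
                got=$(printf '%s\n' "$block" |
                      openssl x509 -noout -fingerprint -sha256 2>/dev/null) || got=
                if [ -n "$got" ] && [ "$got" = "$want" ]; then
                    return 0
                fi
                block=
                ;;
            *)
                # Keep Base64 lines only while inside a block; comment lines
                # between certificates are skipped.
                if [ -n "$block" ]; then
                    block="$block
$line"
                fi
                ;;
        esac
    done < "$bundle"
    return 1
}
```

A return value of 1 after running update-ca-trust usually means the file in the anchors directory was not parsed as a certificate, which is worth confirming with `openssl x509 -in ca.crt -noout -subject`.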

CouchDB SSL handshake error

I've installed CouchDB on the mac via Homebrew (yay homebrew!):
brew install couchdb
Then I've done a bunch of SSL setup steps (in a shell script) that are detailed in the official documentation: http://docs.couchdb.org/en/1.6.1/config/http.html
#!/bin/sh
currDir=$(pwd)
mkdir couch_certs
cd couch_certs
openssl genrsa > privkey.pem
openssl req -new -x509 -key privkey.pem -out couchdb.pem -days 1095
chmod 600 privkey.pem couchdb.pem
perl -p -i -e "s#\[daemons\]#[daemons]\nhttpsd = {couch_httpd, start_link, [https]}#" /usr/local/etc/couchdb/default.ini
perl -p -i -e "s#\[ssl\]#[ssl]\ncert_file = ${currDir}/couchdb.pem#" /usr/local/etc/couchdb/default.ini
perl -p -i -e "s#\[ssl\]#[ssl]\nkey_file = ${currDir}/privkey.pem#" /usr/local/etc/couchdb/default.ini
Then (same terminal), I launch couch:
couchdb
In a different terminal I test that:
curl -k https://127.0.0.1:6984/
And get a failure:
curl: (35) Server aborted the SSL handshake
What am I doing wrong?
Note I can get the same error when doing the CouchDB install as an application (section 2.3.1 of http://docs.couchdb.org/en/stable/install/mac.html)
Edit: I think it is an Erlang SSL issue: http://bugs.erlang.org/browse/ERL-74
My root cause was an older version of openssl (the one that came with OS X 10.10.5). After a homebrew install of openssl, and the same key-gen sequence, it all works.

Create a PEM from a PPK file [duplicate]

This question already has answers here:
How to convert SSH keypairs generated using PuTTYgen (Windows) into key-pairs used by ssh-agent and Keychain (Linux)
(10 answers)
Closed 3 years ago.
So there are plenty of tutorials on how to convert a PEM to a PPK using PuTTYgen. However, my issue is that my Windows machine had the only PEM copy and I converted it into a PPK and deleted it. Now I need to figure out how to convert a PPK into a PEM so that my Mac can ssh into the server. I still have access to the server so I could also just make a new key if I had to. Anyone know how to convert PPK to PEM?
Install PuttyTools
apt-get install putty-tools
Generate a pem file from the ppk
puttygen server.ppk -O private-openssh -o server.pem
The server.pem file will be saved in the same location
If you're on a Mac and you've previously installed Homebrew, from Terminal:
$ brew install putty
$ puttygen server.ppk -O private-openssh -o server.pem
The first command was suggested in this comment and the second from Emizen Tech's answer.
Try this to install putty-tools
sudo apt install putty-tools
puttygen key.ppk -O private-openssh -o key.pem
ssh -i ~/key.pem {user}@{ip}
First, install PuTTY for Mac using
brew install putty
Then, use the following command to convert the .ppk format private key to a standard PEM format private key:
puttygen privatekey.ppk -O private-openssh -o privatekey.pem
Make sure permissions on the private key file are set properly. It should only be readable by the user that owns it.
chmod go-rw privatekey.pem
You can now use the key for logins from scripts and command line with:
ssh -i privatekey.pem user@hostname