Best IT Recipes

Apache with SSL - How to convert CER certificates to CRT?

I need to configure Apache 2 server with SSL.

I have a * .key file, but my certificate publisher provided me with a * .cer file.

In all documents around the network, they are for * .crt certificates.

Please let me know this is * .cer, like * .crt.

If now, how can I convert the CER format to CRT?

+67
ssl apache
Mar 13 '09 at 11:40
source share
10 answers

The file extensions for cryptographic certificates are not really as standardized as you expected. Windows by default considers double-clicking on the .crt file as a request to import a certificate into the Windows root store, but treats the .cer file as a request to view the certificate only. Thus, they are different in this sense, at least that Windows has some peculiar value for what happens when you double-click on each type of file.

But the way Windows handles them when you double-click them is the only difference between them. Both extensions simply represent that it contains a public certificate. You can rename the file or use it instead of another in any system or configuration file that I saw. And on platforms other than Windows (and even on Windows), people are not particularly careful about which extension they use, and treat them as interchangeable, as there is no difference between them if the contents of the file are correct.

To make things more confusing, there are two standard ways to store certificate data in a file: One is the β€œbinary” X.509 encoding, and the other is the β€œtext” base64 encoding, which usually starts with " -----BEGIN CERTIFICATE----- ". They encode the same data, but in different ways. Most systems accept both formats, but if you need to, you can convert one to the other via openssl or other tools. But the encoding in the certificate file really does not depend on what extension someone gave to this file.

If you have specific questions about the difficulties of using a certain type of file with a specific program, it would be better to write a separate question that describes what kind of file you have and what your application expects.

+58
Mar 13 '09 at 12:01
source share

CER is an X.509 binary certificate, DER .
CRT is an X.509 binary certificate enclosed in text ( base-64 ).

This is not the same encoding.

+32
May 16 '13 at 12:39
source share

According to the mod_ssl documentation:

 SSLCertificateFile: Name: SSLCertificateFile Description: Server PEM-encoded X.509 certificate file

Certificate file must be PEM-encoded X.509 Certificate file:

 openssl x509 -inform DER -in certificate.cer -out certificate.pem
+32
Jan 31 '15 at 12:54
source share

I assume that you have a .cer file containing the certificate data encoded in PKCS # 7 and you want to convert it to certificate data encoded in PEM (usually a .crt or .pem file). For example, a .cer file containing PKCS # 7-encoded data is as follows:

 ----- BEGIN PKCS7 -----
 MIIW4gYJKoZIhvcNAQcCoIIW0zCCFs8CAQExADALBgkqhkiG9w0BBwGggha1MIIH
 ...
 POI9n9cd2cNgQ4xYDiKWL2KjLB + 6rQXvqzJ4h6BUcxm1XAX5Uj5tLUUL9wqT6u0G
 + bKhADEA
 ----- END PKCS7 -----

PEM certificate data is as follows:

 ----- BEGIN CERTIFICATE -----
 MIIHNjCCBh6gAwIBAgIQAlBxtqKazsxUSR9QdWWxaDANBgkqhkiG9w0BAQUFADBm
 ...
 nv72c / OV4nlyrvBLPoaS5JFUJvFUG8RfAEY =
 ----- END CERTIFICATE -----

There is an OpenSSL command that converts .cer files (with PKCS # 7 data) into PEM data that you may encounter ( BEGIN CERTIFICATE block in the above example). You can force PKCS # 7 data in PEM format with this command in a file we will call certfile.cer:

openssl pkcs7 -text -in certfile.cer -print_certs -outform PEM -out certfile.pem

Note that a .cer or .pem file may contain one or more certificates (possibly the entire certificate chain).

+24
Mar 29 2018-11-21T00:
source share

The answer to the question of how to convert the .cer file to a .crt file (they are encoded differently!):

 openssl pkcs7 -print_certs -in certificate.cer -out certificate.crt
+11
Feb 17 '14 at 15:32
source share

Basically, there are two types of CER certificate encoding: DER and Base64. When the DER type returns an error loading certificate (coding procedures asn1), try PEM and it will work.

openssl x509 -inform DER -in certificate.cer -out certificate.crt

openssl x509 -inform PEM -in certificate.cer -out certificate.crt

+10
May 16 '16 at 11:30
source share

The .cer and .crt file must be interchangeable if you import them into the keystore.

Take a look at the contents of the .cer file. Delete anything before the line -----BEGIN CERTIFICATE----- and after the line -----END CERTIFICATE----- . You will be left with BEGIN / END lines with a bunch of Base64 encoded material between them.

 -----BEGIN CERTIFICATE----- MIIDQTCCAqqgAwIBAgIJALQea21f1bVjMA0GCSqGSIb3DQEBBQUAMIG1MQswCQYD ... pfDACIDHTrwCk5OefMwArfEkSBo/ -----END CERTIFICATE-----

Then just import it into your key file using keytool.

 keytool -import -alias myalias -keystore my.keystore -trustcacerts -file mycert.cer
+3
Mar 13 '09 at 12:37
source share

If your cer file is in binary format, you should convert it

 openssl x509 -inform DER -in YOUR_CERTIFICATE.cer -out YOUR_CERTIFICATE.crt
+2
May 05 '16 at 12:53
source share

This command helps me:

openssl x509 -inform DER -in certificate.cer -out certificate.crt

Thanks @Liibo

+1
Dec 20 '17 at 9:04 on
source share

Just do

 openssl x509 -req -days 365 -in server.cer -signkey server.key -out server.crt
0
Dec 09 '14 at 11:16
source share


More articles:


All Articles