Super User Asked by A. Dziedziczak on September 16, 2020
I followed How To: DER vs CRT vs CER vs PEM Certificates and How to Convert Them, wanting to understand how to set up SSL, but I cannot find a good reference for it.
On my server, I have paid certificates, not self-signed ones, and I want to enable SSL in my apache2 server; within 000-default.conf
, I need to insert the .cer
file path:
SSLCertificateFile /ets/ssl/example.pl.crt
SSLCertificateKeyFile /etc/ssl/example.key
As I understand it, .der
is an encrypted .cer
file; should I convert a .der
to .cer
, or is my thinking wrong?
Futuire visitors: Note that although all X.509 certificates are DER, not all DER files are X.509 – plenty of other non-certificate things use DER as well. This thread is strictly about X.509 certificates and not about any other data type.
X.509 certificates are always in DER format, but they're generally stored in two ways:
.der
, .cer
).crt
, .pem
)Note that the extensions aren't really set in stone – .cer
might be textual, .crt
might be binary, and so on. You have to actually look inside.
(There is no encryption involved; the certificate is public information.)
To convert one certificate from binary to textual format, you can use:
openssl x509 -in mycert.der -inform DER -out mycert.pem
# both -inform and -outform default to "PEM" if not specified otherwise
Or since it's just Base64,
(echo "-----BEGIN CERTIFICATE-----";
base64 < mycert.der;
echo "-----END CERTIFICATE-----") > mycert.pem
However, whichever way you use, don't forget to add the certificate chain (the "issuer" or "intermediate" certs obtained from your CA) to the same PEM file. Most software expects it all in a single file, although Apache used to use a separate SSLCertificateChainFile option in v2.2.x.
Correct answer by user1686 on September 16, 2020
Get help from others!
Recent Questions
Recent Answers
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP