
Do I need to convert .CER to .CRT for Apache SSL certificates? If so, how?

I need to set up an Apache 2 server with SSL.

I have my *.key file, but in all the documentation I've found online, *.crt files are specified, and my CA only provided me with a *.cer file.

Are *.cer files the same as *.crt? If not, how can I convert CER to CRT format?

File extensions for cryptographic certificates aren't really as standardized as you'd expect. Windows by default treats double-clicking a .crt file as a request to import the certificate into the Windows Root Certificate store, but treats a .cer file as a request just to view the certificate. So, they're different in the sense that Windows has some inherent different meaning for what happens when you double click each type of file.

But the way that Windows handles them when you double-click them is about the only difference between the two. Both extensions just represent that it contains a public certificate. You can rename a certificate file to use one extension in place of the other in any system or configuration file that I've seen. And on non-Windows platforms (and even on Windows), people aren't particularly careful about which extension they use, and treat them both interchangeably, as there's no difference between them as long as the contents of the file are correct.

Making things more confusing is that there are two standard ways of storing certificate data in a file: One is a "binary" X.509 encoding, and the other is a "text" base64 encoding that usually starts with "-----BEGIN CERTIFICATE-----". These encode the same data but in different ways. Most systems accept both formats, but, if you need to, you can convert one to the other via openssl or other tools. The encoding within a certificate file is really independent of which extension somebody gave the file.

Basically there are two CER certificate encoding types, DER and Base64. When type DER returns an error loading certificate (asn1 encoding routines), try the PEM and it shall work.

openssl x509 -inform DER -in certificate.cer -out certificate.crt

openssl x509 -inform PEM -in certificate.cer -out certificate.crt

According to the mod_ssl documentation:

SSLCertificateFile: 
   Name: SSLCertificateFile
   Description: Server PEM-encoded X.509 certificate file

Certificate file should be PEM-encoded X.509 Certificate file:

openssl x509 -inform DER -in certificate.cer -out certificate.pem

CER is an X.509 certificate in binary form, DER encoded.
CRT is a binary X.509 certificate, encapsulated in text (base-64) encoding.

It is not the same encoding.

I assume that you have a .cer file containing PKCS#7-encoded certificate data and you want to convert it to PEM-encoded certificate data (typically a .crt or .pem file). For instance, a .cer file containing PKCS#7-encoded data looks like this:

-----BEGIN PKCS7-----
MIIW4gYJKoZIhvcNAQcCoIIW0zCCFs8CAQExADALBgkqhkiG9w0BBwGggha1MIIH
...
POI9n9cd2cNgQ4xYDiKWL2KjLB+6rQXvqzJ4h6BUcxm1XAX5Uj5tLUUL9wqT6u0G
+bKhADEA
-----END PKCS7-----

PEM certificate data looks like this:

-----BEGIN CERTIFICATE-----
MIIHNjCCBh6gAwIBAgIQAlBxtqKazsxUSR9QdWWxaDANBgkqhkiG9w0BAQUFADBm
...
nv72c/OV4nlyrvBLPoaS5JFUJvFUG8RfAEY=
-----END CERTIFICATE-----

There is an OpenSSL command that will convert .cer files (with PKCS#7 data) to the PEM data you may be expecting to encounter (the BEGIN CERTIFICATE block in the example above). You can coerce PKCS#7 data into PEM format by this command on a file we'll call certfile.cer:

openssl pkcs7 -text -in certfile.cer -print_certs -outform PEM -out certfile.pem

Note that a .cer or .pem file might contain one or more certificates (possibly the entire certificate chain).
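The point made in the answers above, that the encoding depends on the file's contents and not on its extension, as an added example that is not part of any original answer. The function names `detect_cert_encoding` and `to_pem` are hypothetical; the openssl invocations are the ones quoted on this page, plus `-inform DER` on `pkcs7` for binary bundles.

```shell
#!/bin/sh
# Added example: classify a certificate file by content, then convert it to
# the PEM form that mod_ssl's SSLCertificateFile expects.

# Prints one of: pem-cert, pem-pkcs7, der, unknown
detect_cert_encoding() {
    cert_file=$1
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$cert_file"; then
        echo pem-cert
    elif grep -q -e '-----BEGIN PKCS7-----' "$cert_file"; then
        echo pem-pkcs7
    elif [ "$(od -An -tx1 -N1 "$cert_file" | tr -d ' \n')" = "30" ]; then
        # Binary DER always opens with an ASN.1 SEQUENCE tag (0x30).
        # This is true of a single certificate and of a PKCS#7 bundle.
        echo der
    else
        echo unknown
    fi
}

# to_pem SRC DST: write the certificate(s) in SRC to DST as PEM.
to_pem() {
    src=$1
    dst=$2
    case $(detect_cert_encoding "$src") in
        pem-cert)
            # Note: x509 re-emits only the first certificate in the file.
            openssl x509 -inform PEM -in "$src" -out "$dst" ;;
        pem-pkcs7)
            openssl pkcs7 -print_certs -in "$src" -out "$dst" ;;
        der)
            # Try a single certificate first, then a binary PKCS#7 bundle.
            openssl x509 -inform DER -in "$src" -out "$dst" 2>/dev/null ||
                openssl pkcs7 -inform DER -print_certs -in "$src" -out "$dst" ;;
        *)
            echo "unrecognised certificate encoding: $src" >&2
            return 1 ;;
    esac
}

# Command-line use: sh script.sh certificate.cer certificate.pem
if [ "$#" -eq 2 ]; then
    to_pem "$1" "$2"
fi
```
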

I use command:

openssl x509 -inform PEM -in certificate.cer -out certificate.crt

But CER is an X.509 certificate in binary form, DER encoded. CRT is a binary X.509 certificate, encapsulated in text (base-64) encoding.

Because of that, you maybe should use:

openssl x509 -inform DER -in certificate.cer -out certificate.crt

And then to import your certificate:

Copy your CA to dir:

/usr/local/share/ca-certificates/

Use command:

sudo cp foo.crt /usr/local/share/ca-certificates/foo.crt

Update the CA store:

sudo update-ca-certificates

The answer to the question of how to convert a .cer file into a .crt file (they are encoded differently!) is:

openssl pkcs7 -print_certs -in certificate.cer -out certificate.crt

If your cer file is in binary format, you must convert it with

openssl x509 -inform DER -in YOUR_CERTIFICATE.cer -out YOUR_CERTIFICATE.crt

The .cer and .crt file should be interchangeable as far as importing them into a keystore.

Take a look at the contents of the .cer file. Erase anything before the -----BEGIN CERTIFICATE----- line and after the -----END CERTIFICATE----- line. You'll be left with the BEGIN/END lines with a bunch of Base64-encoded stuff between them.

-----BEGIN CERTIFICATE-----
MIIDQTCCAqqgAwIBAgIJALQea21f1bVjMA0GCSqGSIb3DQEBBQUAMIG1MQswCQYD
...
pfDACIDHTrwCk5OefMwArfEkSBo/
-----END CERTIFICATE-----

Then just import it into your keyfile using keytool.

keytool -import -alias myalias -keystore my.keystore -trustcacerts -file mycert.cer

Here is one case that worked for me if we need to convert .cer to .crt, though both of them are contextually same

openssl pkcs12 -in identity.p12 -nokeys -out mycertificate.crt

where we should have a valid private key (identity.p12) PKCS 12 format, this one I generated from keystore (.jks file) provided by CA (Certification Authority) who created my certificate.

Just do

openssl x509 -req -days 365 -in server.cer -signkey server.key -out server.crt
