纯文本证书如何编码为 PEM/CRT 格式？

Question

I just bought an SSL cert from my domain registrar.

They only provided me:

• Plaintext of the CSR
• Plaintext of the intermediate and root CA(?) certs
• Plaintext of my SSL cert

(no .key file)

I had to copy the plaintext from their webpage after they magically created the cert.

My SSL cert looks like:

-----BEGIN CERTIFICATE-----
MIIGJTCCBQ2gAwIBAgIQD5EJV21qWTH5W6AhivSAEzANBgkqhkiG9w0BAQsFADBZ
<more string>
-----END CERTIFICATE-----

Questions:

1. If I create a new "cert. pem " file and just paste the plaintext of my SSL cert in, is it fully pem encoded or do I have to further process it?

2. What if I create a new "cert. crt " file? Could I just paste the plaintext of my SSL cert in there as well without further encoding?

3. Could either file now be passed as a client cert in HTTPS requests?

Edit: As @Marc mentioned, I should have said "text" above rather than "plaintext". Aside from the headers, the cert is not in plaintext.

Answer 1

What you call "plaintext" is PEM encoding , which is base-64 encoding of a DER (or BER or CER) file with extra headers.

.crt is commonly used for PEM encoding. But the actual extension does not matter.

You can definitely use the shown certificate in your client (how to do so depends on the language used).

However, you will need the key . If you sent a CSR to them, the key should already be in your possession (you sent them the public key as part of the CSR, but the private key stayed with you). If you did not send them a CSR, they generated the key pair for you and should have a way to download the private key.