
SSL/TLS certificate management (key, crt, and pem)

I have a question about TLS/SSL (self-signed certificates)

I am trying to open a connection using several tools (ncat, socat) with TLS/SSL. Of course, first I need to generate a certificate. (Key is a KEY, and Cert is a CERT, PEM is an encoded format.) I have found 2 different ways.

1) openssl req -new -x509 -keyout test-key.pem -out test-cert.pem

2) openssl req -newkey rsa:2048 -nodes -keyout test-key.key -x509 -out test-cert.crt
   cat test-key.key test-cert.crt > test-pem.pem

My questions:

  1. Why, at the end of the day, do we combine CERT with KEY? Should not CERT already have KEY inside?
  2. Why, in most tutorials, do we send (by listener on socat/ncat) the key with the cert, if the cert already has a key?

(Assume we do not verify cert)

Thanks for support.

SOLVED.

Should not CERT already have KEY inside?

The certificate has the public key inside. The key file is the private key. The public key can be visible to others (as can the rest of the certificate); the private key should be kept secret.
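
The answer's point, checked with the openssl CLI as an added example (not part of the original post): the certificate file holds a single CERTIFICATE block whose public key matches the one derived from the private key, while the combined .pem from the question holds both blocks. The CN example.test, the one-day validity and the temporary directory are assumptions made for this demo.

```shell
#!/bin/sh
# Added example (constructed): file names follow option 2 of the question,
# the subject CN and the temp directory are placeholders. Needs the openssl CLI.

# Generate an unencrypted key plus self-signed cert, then build the combined PEM.
# Runs in a subshell with a tight umask because two of the files hold the private key.
make_pair() (
    umask 077
    openssl req -newkey rsa:2048 -nodes -keyout "$1/test-key.key" \
        -x509 -days 1 -subj "/CN=example.test" \
        -out "$1/test-cert.crt" 2>/dev/null || exit 1
    cat "$1/test-key.key" "$1/test-cert.crt" > "$1/test-pem.pem"
)

# Print the label of every PEM block in a file, one per line.
pem_labels() {
    sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' "$1"
}

# Succeed when the public key embedded in the certificate ($2) is the
# public half of the private key ($1).
key_matches_cert() {
    from_cert=$(openssl x509 -in "$2" -noout -pubkey) || return 1
    from_key=$(openssl pkey -in "$1" -pubout) || return 1
    [ "$from_cert" = "$from_key" ]
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_pair "$tmp" || return 1
    echo "cert file blocks:     $(pem_labels "$tmp/test-cert.crt" | tr '\n' ',')"
    echo "combined file blocks: $(pem_labels "$tmp/test-pem.pem" | tr '\n' ',')"
    if key_matches_cert "$tmp/test-key.key" "$tmp/test-cert.crt"; then
        echo "public key in cert matches the private key"
    fi
    rm -rf "$tmp"
}
demo
```

The certificate alone is enough for a peer to read the public key; the listener also needs the private key file, which is why the tutorials hand it the combined file.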

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address. Any question please contact: yoyou2525@163.com.

 