Do I need to convert CER to CRT for Apache SSL certificates If so how

Question

I need to setup an Apache 2 server with SSL   I have my   key file  but all the documentation I ve found online    crt files are specified  and my CA only provided me with a   cer file   Are   cer files the same as   crt  If not  how can I convert CER to CRT format

User · Answer

Basically there are two CER certificate encoding types, DER and Base64. When type DER returns an error loading certificate (asn1 encoding routines), try the PEM and it shall work.

openssl x509 -inform DER -in certificate.cer -out certificate.crt

openssl x509 -inform PEM -in certificate.cer -out certificate.crt

User · Answer

According to documentation mod ssl   SSLCertificateFile      Name  SSLCertificateFile    Description  Server PEM-encoded X 509 certificate file   Certificate file should be PEM-encoded X 509 Certificate file   openssl x509 -inform DER -in certificate cer -out certificate pem

User · Answer

Just do  openssl x509 -req -days 365 -in server cer -signkey server key -out server crt

User · Answer

Here is one case that worked for me if we need to convert  cer to  crt  though both of them are contextually same openssl pkcs12 -in identity p12 -nokeys -out mycertificate crt  where we should have a valid private key  identity p12  PKCS 12 format  this one i generated from keystore   jks file  provided by CA  Certification Authority  who created my certificate

User · Answer

The answer to the question how to convert a  cer file into a  crt file  they are encoded differently   is   openssl pkcs7 -print certs -in certificate cer -out certificate crt

User · Answer

CER is an X 509 certificate in binary form  DER encoded  CRT is a binary X 509 certificate  encapsulated in text  base-64  encoding    It is not the same encoding

User · Answer

If your cer file has binary format you must convert it by  openssl x509 -inform DER -in YOUR CERTIFICATE cer -out YOUR CERTIFICATE crt

User · Answer

I use command    openssl x509 -inform PEM -in certificate cer -out certificate crt  But CER is an X 509 certificate in binary form  DER encoded  CRT is a binary X 509 certificate  encapsulated in text  base-64  encoding   Because of that  you maybe should use   openssl x509 -inform DER -in certificate cer -out certificate crt  And then to import your certificate   Copy your CA to dir    usr local share ca-certificates   Use command    sudo cp foo crt  usr local share ca-certificates foo crt  Update the CA store   sudo update-ca-certificates

User · Answer

File extensions for cryptographic certificates aren t really as standardized as you d expect  Windows by default treats double-clicking a  crt file as a request to import the certificate into the Windows Root Certificate store  but treats a  cer file as a request just to view the certificate  So  they re different in the sense that Windows has some inherent different meaning for what happens when you double click each type of file    But the way that Windows handles them when you double-click them is about the only difference between the two  Both extensions just represent that it contains a public certificate  You can rename a certificate file to use one extension in place of the other in any system or configuration file that I ve seen  And on non-Windows platforms  and even on Windows   people aren t particularly careful about which extension they use  and treat them both interchangeably  as there s no difference between them as long as the contents of the file are correct   Making things more confusing is that there are two standard ways of storing certificate data in a file  One is a  binary  X 509 encoding  and the other is a  text  base64 encoding that usually starts with  -----BEGIN CERTIFICATE-----   These encode the same data but in different ways  Most systems accept both formats  but  if you need to  you can convert one to the other via openssl or other tools  The encoding within a certificate file is really independent of which extension somebody gave the file

User · Answer

The  cer and  crt file should be interchangable as far as importing them into a keystore    Take a look at the contents of the  cer file  Erase anything before the -----BEGIN CERTIFICATE----- line and after the -----END CERTIFICATE----- line  You ll be left with the BEGIN END lines with a bunch of Base64-encoded stuff between them   -----BEGIN CERTIFICATE----- MIIDQTCCAqqgAwIBAgIJALQea21f1bVjMA0GCSqGSIb3DQEBBQUAMIG1MQswCQYD     pfDACIDHTrwCk5OefMwArfEkSBo  -----END CERTIFICATE-----   Then just import it into your keyfile using keytool   keytool -import -alias myalias -keystore my keystore -trustcacerts -file mycert cer

User · Answer

I assume that you have a  cer file containing PKCS 7-encoded certificate data and you want to convert it to PEM-encoded certificate data  typically a  crt or  pem file    For instance  a  cer file containing PKCS 7-encoded data looks like this     -----BEGIN PKCS7----- MIIW4gYJKoZIhvcNAQcCoIIW0zCCFs8CAQExADALBgkqhkiG9w0BBwGggha1MIIH     POI9n9cd2cNgQ4xYDiKWL2KjLB 6rQXvqzJ4h6BUcxm1XAX5Uj5tLUUL9wqT6u0G  bKhADEA -----END PKCS7-----   PEM certificate data looks like this     -----BEGIN CERTIFICATE----- MIIHNjCCBh6gAwIBAgIQAlBxtqKazsxUSR9QdWWxaDANBgkqhkiG9w0BAQUFADBm     nv72c OV4nlyrvBLPoaS5JFUJvFUG8RfAEY  -----END CERTIFICATE-----   There is an OpenSSL command that will convert  cer files  with PKCS 7 data  to the PEM data you may be expecting to encounter  the BEGIN CERTIFICATE block in the example above    You can coerce PKCS 7 data into PEM format by this command on a file we ll call certfile cer    openssl pkcs7 -text -in certfile cer -print certs -outform PEM -out certfile pem  Note that a  cer or  pem file might contain one or more certificates  possibly the entire certificate chain

[apache] Do I need to convert .CER to .CRT for Apache SSL certificates? If so, how?

Examples related to apache

Examples related to ssl