I study openssl, I want: create a certificate of a certification authority and import it into a browser, as well as a certificate for the site.

I figured out that the certificate for the browser is created via makecert in crt format. And for openssl through openssl in pem format. How to convert from crt format to pem?

In short, the task: to create a certificate for firefox, so that when you start openssl s_server and connect the browser to https://127.0.0.1:4433/, the warning about an unverified certificate does not take off.

    2 answers 2

    Convert a DER file (.crt .cer .der) to PEM:

    openssl x509 -inform der -in certificate.cer -out certificate.pem

    Conversion of the PEM file to DER:

     openssl x509 -outform der -in certificate.pem -out certificate.der

    Convert the PKCS # 12 file, which contains the private key and certificate to PEM:

     openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes

    Convert PEM file and private key to PKCS # 12:

     openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt
    • Another would be to know what all these operations mean and why to perform them. ) - Nick Volynkin

    There is no need to translate anything in an openserver and so everything works !!!

    in the apache configuration file:

    SSLCertificateFile "% sprogdir% / userdata / config / cert_files / Site_name.crt"

    SSLCertificateKeyFile "% sprogdir% / userdata / config / cert_files / Site_name.key"

    • OpenServer has nothing to do with it. - D-side
    • You probably confused OpenSSL and OpenServer. The question concerns the first. - Nick Volynkin
    • Yes, exactly, well, sorry for the carelessness ((( - Edward Pertsev