how to get an OpenSSL .pem file from .key and .crt files?

how to get an OpenSSL .pem file from .key and .crt files?

怎么通过.key和.crt file得到.pem file?

当你有了.key和.crt文件时,你已经有了密匙并且是pem格式,只不过文件的后缀名是.key和.crt.

下面描述如何进行转换。

如果源文件(.key和.crt)是以二进制编码,那么对于.crt文件,可用下面指令进行转换从而得到.pem文件

openssl x509 -inform DER -outform PEM -in server.crt -out server.crt.pem

对于.key文件,可用下面指令进行转换从而得到.pem文件

openssl rsa in place of openssl x509.

openssl rsa -inform DER -outform PEM -in server.crt -out server.crt.pem

.key文件和.crt文件的区别?

.key就像是你的私有密匙,private key。

.crt file 可以看成是公共密匙,is the returned, signed, x509 certificate.

如果这个.pem文件是用在web服务器的,而你又不能指定是加载私有密匙还是公共密匙,那么你就需要把两个(.key和.crt)结合起来生成一个.pem文件,生成方法如下

cat server.crt server.key > server.includesprivatekey.pem


原文出处:http://stackoverflow.com/questions/991758/how-to-get-an-openssl-pem-file-from-key-and-crt-files

英文:

Your keys may already be in PEM format, but just named with .crt or .key.

If they begin with —–BEGIN and you can read them in a text editor (they use base64, which is readable in ASCII, not binary format), they are in PEM format.

If the file is in binary, for the server.crt, you would use openssl x509 -inform DER -outform PEM -in server.crt -out server.crt.pem

For server.key, use openssl rsa in place of openssl x509.

The server.key is likely your private key, and the .crt file is the returned, signed, x509 certificate.

If this is for a Web server, and you cannot specify loading a separate private and public key, you may need to concatenate the two files. For this use: cat server.crt server.key > server.includesprivatekey.pem. I would recommend naming files with “includesprivatekey” to help you manage the permissions you keep with this file.

发表评论

电子邮件地址不会被公开。 必填项已用*标注