对于 Apache SSL 证书,我是否需要将 .CER 转换为 .CRT?如果是这样,如何? [英] Do I need to convert .CER to .CRT for Apache SSL certificates? If so, how?
问题描述
我需要使用 SSL 设置 Apache 2 服务器.
我有我的 *.key 文件,但我在网上找到的所有文档都指定了 *.crt 文件,而我的 CA 只为我提供了一个 *.cer 文件.
*.cer 文件是否与 *.crt 相同?如果不是,我如何将 CER 转换为 CRT 格式?
加密证书的文件扩展名并不像您期望的那样标准化.默认情况下,Windows 将双击 .crt 文件视为将证书导入 Windows 根证书存储的请求,但将 .cer 文件视为仅用于查看证书.因此,它们是不同的,因为 Windows 对双击每种类型的文件时发生的事情具有一些固有的不同含义.
但是当您双击它们时,Windows 处理它们的方式大约是两者之间的唯一区别.这两个扩展只代表它包含一个公共证书.您可以重命名证书文件以在我见过的任何系统或配置文件中使用一个扩展名代替另一个.而在非 Windows 平台上(甚至在 Windows 上),人们并不会特别注意他们使用的是哪个扩展名,而是将它们互换地对待,因为只要文件内容正确,它们之间就没有区别.
更令人困惑的是,在文件中存储证书数据有两种标准方式:一种是二进制"X.509 编码,另一种是通常以
I need to setup an Apache 2 server with SSL.
I have my *.key file, but all the documentation I've found online, *.crt files are specified, and my CA only provided me with a *.cer file.
Are *.cer files the same as *.crt? If not, how can I convert CER to CRT format?
File extensions for cryptographic certificates aren't really as standardized as you'd expect. Windows by default treats double-clicking a .crt file as a request to import the certificate into the Windows Root Certificate store, but treats a .cer file as a request just to view the certificate. So, they're different in the sense that Windows has some inherent different meaning for what happens when you double click each type of file.
But the way that Windows handles them when you double-click them is about the only difference between the two. Both extensions just represent that it contains a public certificate. You can rename a certificate file to use one extension in place of the other in any system or configuration file that I've seen. And on non-Windows platforms (and even on Windows), people aren't particularly careful about which extension they use, and treat them both interchangeably, as there's no difference between them as long as the contents of the file are correct.
Making things more confusing is that there are two standard ways of storing certificate data in a file: One is a "binary" X.509 encoding, and the other is a "text" base64 encoding that usually starts with "-----BEGIN CERTIFICATE-----". These encode the same data but in different ways. Most systems accept both formats, but, if you need to, you can convert one to the other via openssl or other tools. The encoding within a certificate file is really independent of which extension somebody gave the file.
这篇关于对于 Apache SSL 证书,我是否需要将 .CER 转换为 .CRT?如果是这样,如何?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
