将.crt文件转换为.cer和.key [英] Convert .crt file to .cer and .key
问题描述
我被要求帮助转换证书以进行续订.我得到了domainname.crt文件以及一些中间的.crt文件,但没有.key文件.他们要我将CRT转换为.CER和.KEY文件.
I was asked to help converting a certificate for a renewal. I was given the domainname.crt file along with some intermediate .crt files, but no .key file. They want me to convert the CRT to both a .CER and a .KEY file.
我看过以下内容(在许多其他网站中),但他们要么说我需要我没有的.key文件,要么我必须在本地安装它,然后将其导出,但是在使用MMC时并尝试将其导出..PFX选项显示为灰色.
I have looked at the following (among many other sites) but they either say I need the .key file, which I don't have, or that I have to install it locally and then export it, but when using MMC and trying to export it the .PFX option is grayed out.
http://community.spiceworks.com/topic/367133-i-cant-convert-a-ssl-crt-to-pfx-i-need-help-with-this
我还尝试了OpenSSL命令PKCS12 -EXPORT ...将其转换为.P12,但出现无法加载私钥"错误.如果我打开它并选择复制到文件...",则可以获得.CER文件,仅此而已.
I also tried the OpenSSL command PKCS12 -EXPORT... to convert it to a .P12 and I get an error for "unable to load private key". If I open it and choose "Copy To File..." I can obtain a .CER file but nothing more.
谢谢您的帮助.
推荐答案
证书文件中的私钥是否存在?换句话说,这里有一个以
Is the private key in the certificate file? In other words, in there a section that starts with
-----BEGIN RSA PRIVATE KEY-----
在文件中?
如果没有,则私钥存储在单独的文件中.
If not, then the private key is stored in a separate file.
在任何情况下,续订证书都不需要证书,但是您需要将证书签名请求(CSR)发送给CA,然后您将收到证书作为回报(或者,在某些情况下, CA可能会使用先前存储的CSR生成新证书的情况.
In any case, to renew a certificate, you don't need a certificate, but a certificate signing request (CSR), which you will send to the CA, and you will receive the certificate in return (alternatively, in some cases the CA may generate a new certificate using the previous stored CSR).
您可以使用以下方法生成新密钥:
You can generate a new key with:
openssl genrsa -out <private key file name> 2048
然后使用以下命令生成CSR:
then generate the CSR with:
openssl req -new -key <private key file name> -out <csr file name>
您保留密钥,将CSR发送到CA.返回时,您将获得证书,并将其与中间证书和私钥一起提供给所使用的软件.在某些情况下,它们需要放在单独的文件中,在其他情况下,您可以将它们集中在一起放在一个文件中.
You keep the key, send the CSR to the CA. On return, you get the certificate, which together with the intermediate certificates and the private key, should be provided to the software used. In some cases they need to be in separate files, in others you can just lump them up together in a single file.
这篇关于将.crt文件转换为.cer和.key的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
