我需要将.CER转换为.CRT以获得Apache SSL证书吗?如果是这样，怎么办? [英] Do I need to convert .CER to .CRT for Apache SSL certificates? If so, how?

问题描述

我需要使用SSL设置Apache 2服务器.

我有我的* .key文件，但是我在网上找到的所有文档，*.crt文件都已指定，并且我的CA仅向我提供了* .cer文件.

*.cer文件是否与* .crt相同?如果没有，如何将CER转换为CRT格式?

解决方案

加密证书的文件扩展名并没有像您期望的那样标准化.默认情况下，Windows将双击.crt文件作为将证书导入Windows根证书存储的请求，但是将.cer文件视为对查看证书的请求.因此，它们在某种意义上是不同的，因为Windows双击每种类型的文件时会产生一些固有的不同含义.

但是，当您双击Windows时，Windows处理它们的方式大约是两者之间的唯一区别.这两个扩展名仅表示它包含一个公共证书.您可以重命名证书文件，以在我所看到的任何系统或配置文件中使用一个扩展名代替另一个扩展名.在非Windows平台(甚至Windows)上，人们对使用的扩展名并不特别注意，并且可以将它们互换使用，只要文件内容正确无误，就可以将它们彼此区别开.

更令人困惑的是，有两种标准的方式将证书数据存储在文件中:一种是二进制" X.509编码，另一种是文本" base64编码，通常以"".它们对相同的数据进行编码，但是方式不同.大多数系统都接受两种格式，但是，如果需要，可以通过openssl或其他工具将其转换为另一种格式.证书文件中的编码实际上与某人给该文件的扩展名无关.

I need to setup an Apache 2 server with SSL.

I have my *.key file, but all the documentation I've found online, *.crt files are specified, and my CA only provided me with a *.cer file.

Are *.cer files the same as *.crt? If not, how can I convert CER to CRT format?

解决方案

File extensions for cryptographic certificates aren't really as standardized as you'd expect. Windows by default treats double-clicking a .crt file as a request to import the certificate into the Windows Root Certificate store, but treats a .cer file as a request just to view the certificate. So, they're different in the sense that Windows has some inherent different meaning for what happens when you double click each type of file.

But the way that Windows handles them when you double-click them is about the only difference between the two. Both extensions just represent that it contains a public certificate. You can rename a certificate file to use one extension in place of the other in any system or configuration file that I've seen. And on non-Windows platforms (and even on Windows), people aren't particularly careful about which extension they use, and treat them both interchangeably, as there's no difference between them as long as the contents of the file are correct.

Making things more confusing is that there are two standard ways of storing certificate data in a file: One is a "binary" X.509 encoding, and the other is a "text" base64 encoding that usually starts with "-----BEGIN CERTIFICATE-----". These encode the same data but in different ways. Most systems accept both formats, but, if you need to, you can convert one to the other via openssl or other tools. The encoding within a certificate file is really independent of which extension somebody gave the file.

这篇关于我需要将.CER转换为.CRT以获得Apache SSL证书吗?如果是这样，怎么办?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！