Saminnet-Search Article Wiki Forum Piwigo SNS Cloud vtiger Sugar
OpenSSL key file

  • Data-Articles
    • Desa Nelayan Makmur (69) Fri02,20:43pm

      KALAUツdilihat Desa Bendar tidaklah berbeda dengan desa-desa lainnya. Berada di tepi sungai Juwana, kecamatan Juwana, kabupaten Pati, Jawa Tengah. Pun, tempat ini memiliki pelelangan ikan pula. Yang membedakan dengan desa-desa nelayan lainnya adalah rumah-rumah kokoh dan besar. Ya, desa nelayan ini bukanlah sembarangan desa nelayan. Kebanyakan warga desa ini adalah pengusaha kapal penangkap ikan.…


OpenSSL key file

Mostly dupeツHow to generate .key and .crt file from JKS file for httpd apache serverツ.

Allツfile extensions are only conventions; what matters is what operations you did to create a file, which you leave very vague. For one thing, it doesn't make sense to 'generate' both a CSR and a certificate; they do conflicting things.

Java KeyStoreツJKSツis the keystore format used by Java (currently; it is expected to change in Java 9). Peopleツoftenツname these filesツ.jksツbut if you usedツ.keystoreツin a command likeツkeytool -genkeypairツthat did not specifyツ-storetypeツthen you created a JKS file namedツ.keystore.

.cerツandツ.crtツare commonly used for files containing aツcertificate, or sometimes multiple certificates in PEM format. There areツtwo common formats, usually called by the names OpenSSL uses which areツDER and PEM. If you look at the file with normal text tools likeツmore cat type vi notepadツand you see a line likeツ-----BEGIN CERTFICATE-----ツ(possibly withツX.509ツinserted) and then several lines of almost all letters and digits and then a similarツ-----ENDツline that's PEM format. People sometimes use these extensions instead or in addition to designate the format likeツxyzcert.pem xyzcert.der xyz.crt.pem xyz.crt.der.

CSRツmeans Certificate Signing Request, which is generated (in this context) byツkeytool -certreq. A CSR is used as part of the process of obtaining a certificate from a 'real' CA like Verisign GoDaddy etc. In this case, you will normally get from the CA a certificate for your server AND a 'chain' or intermediate certificate (sometimes more than one); you put these in one or more file(s) and then import those into your JKS for use with Java programs like Tomcat etc. In this case your certificate file(s) would have been generated by the CA not by you.

If you don't get a cert from a CA, by defaultツkeytool -genkeypairツcreates a self-signed cert good for testing. You can put this cert into a separate file withツkeytool -exportcert [-rfc], and thatツisツa certificate you generated, but in that case you would not have any use for a CSR.

.keyツis sometimes used for a separateツ(private)keyツfile in one of several formats used by OpenSSL, and thus by programs that use OpenSSL like Apache httpd and nginx. The OpenSSL formats for privatekeys have DER and PEM variants much like certficates do, so people also use those extensions likeツxyzkey.pem xyzkey.der xyz.key.pem xyz.key.der.

Finally,ツPKCS12ツis another keystore format, supported by lots of software including Java, OpenSSL, Windows and Mozilla NSS. Often the extensionツ.p12ツis used for PKCS12. (PKCS12 is always binary; it has no PEM variant.)

TLDR: if you need OpenSSL-format separate files for privatekey and certificate(s) from a JKS-format keystore, first useツkeytoolツto convert to pkcs12 and then useツopensslツto convert pkcs12 to separate PEM (usually) or DER (rarely).


0 #1 Guest 2019-02-11 00:28
I was recommended this web site by my cousin. I am not sure whether
this post is written by him as no one else know such detailed about my trouble.

You're amazing! Thanks!

Feel free to surf to my blog ... Poker

Articles by Date

TweetTweet Share on LinkedInShare on LinkedIn Share on Google+Google+ Submit to RedditReddit Publish on WordPress WordPress Send emailSend email