Learning OpenSSL, I want to: create a certificate certificate for certification and import it into the browser, as well as a certificate for the site.
It was understood that the browser certificate is created through the MakeCERT in CRT format. And for OpenSSL via OpenSSL in PEM format. How from CRT format translate to PEM?
If short, task: Create a certificate for Firefox so that when you start OpenSSL S_SERVER and connect the browser to https://127.0.0.1:4433/ did not fly a warning about the unverified certificate.
Answer 1, Authority 100%
Convert DER file (.crt .cer .der) in PEM:
OpenSSL X509 -INFORM DER -IN CERTIFICATE.CER -OUT CERTIFICATE.PEM
Convert PEM file in Der:
openssl x509 -outform der -in certificate.pem -out certificate.der
Convert PKCS # 12 file, which contains a private key and a certificate in PEM:
OpenSSL pkcs12 -in keystore.pfx -out keystore.pem -nodes
Convert PEM file and private key in PKCS # 12:
OpenSSL PKCS12 -Export -out Certificate.Pfx -inkey PrivateKey.Key -in Certificate.CRT -CERTFILE CACERT.CRT
Answer 2
No need to translate into open server and so everything works !!!
In the Apache Configuration File:
sslcertificatefile “% sprogdir% / userdata / config / cert_files / name_sa.crt”
sslcertificatekeyfile “% sprogdir% / userdata / config / cert_files / name_set.key”