In summary, there are three different ways to present certificates and their components:
- PEM: Governed by RFCs, it is used preferentially by open-source
software. It can have a variety of extensions (.pem, .key, .cer,
.cert, and more).
- PKCS12: A private standard that provides enhanced security versus
the plain-text PEM format. It is used preferentially by Windows
systems, and can be freely converted to PEM format using openssl.
- DER: The parent format of PEM. It's useful to think of it as a
binary version of the base64-encoded PEM file. It is not routinely
used by common software.
- key: This is a PEM-formatted file containing just the private key
of a specific certificate. In Apache installs, it frequently resides
in /etc/ssl/private.
1. Creating a self-signed certificate (http://www.akadia.com/services/ssh_test_certificate.html)
1.1. Create a private key
openssl genrsa -des3 -out server.key 2048
1.2. Generate a certificate signing request (csr)
openssl req -new -key server.key -out server.csr
1.3. Generate a self-signed certificate
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
1.4. Convert to PEM
openssl x509 -in server.crt -out server.der -outform DER
openssl x509 -in server.der -inform DER -out server.pem -outform PEM
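
The steps above run end to end in a temporary directory, as an added example that is not part of the original page: it checks that the base64 body of the PEM file decodes to exactly the DER bytes, and that the private key belongs to the certificate. The subject `example.test`, the function names and the passphrase-less key are assumptions made so the script runs unattended.

```shell
#!/bin/sh
# Added example. Subject, file names and function names are assumptions.
set -eu
umask 077   # keep the private key unreadable by other users

# Follow steps 1.1-1.4 inside directory $1.
make_demo_cert() {
    d=$1
    # No passphrase here so the demo runs unattended; the page's key uses -des3.
    openssl genrsa -out "$d/server.key" 2048 2>/dev/null
    openssl req -new -key "$d/server.key" -subj "/CN=example.test" \
        -out "$d/server.csr"
    openssl x509 -req -days 365 -in "$d/server.csr" \
        -signkey "$d/server.key" -out "$d/server.crt" 2>/dev/null
    openssl x509 -in "$d/server.crt" -out "$d/server.der" -outform DER
    openssl x509 -in "$d/server.der" -inform DER \
        -out "$d/server.pem" -outform PEM
}

# True when the base64 body of PEM file $1 decodes to exactly DER file $2.
pem_matches_der() {
    grep -v '^-----' "$1" | openssl base64 -d | cmp -s - "$2"
}

# True when private key $1 and certificate $2 carry the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout)
    c=$(openssl x509 -in "$2" -noout -pubkey)
    [ "$k" = "$c" ]
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
make_demo_cert "$tmp"
if pem_matches_der "$tmp/server.pem" "$tmp/server.der"; then
    echo "PEM body decodes to the DER bytes"
fi
if key_matches_cert "$tmp/server.key" "$tmp/server.pem"; then
    echo "private key matches certificate"
fi
```

The same `key_matches_cert` check is useful before deploying a key and certificate pair, since a mismatch is a common cause of a web server refusing to start TLS.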