Convert .crt file to .cer and .key
I was asked to help convert the certificate for renewal. I was provided with a domainname.crt file along with some intermediate .crt files, but no .key file. They want me to convert the CRT to a .CER and .KEY file.
I've reviewed the following (among many other sites), but they either say that I need a .key file that I don't have, or that I have to install it locally and then export it, but when using MMC and trying to export it. .PFX option is grayed out.
http://community.spiceworks.com/topic/367133-i-cant-convert-a-ssl-crt-to-pfx-i-need-help-with-this
I also tried the OpenSSL PKCS12 -EXPORT ... command to convert it to .P12 and I get the error "unable to load private key". If I open it and select "Copy to file ..." I can get a .CER file, but no more.
Thank you for your help.
source to share
Is the private key in the certificate file? In other words, in this section that starts with
-----BEGIN RSA PRIVATE KEY-----
in file?
If not, then the private key is stored in a separate file.
In any case, in order to renew the certificate, you do not need a certificate, but a Certificate Signing Request (CSR) that you send to the CA and you will receive a certificate in return (alternatively, in some cases, the CA may generate a new certificate using the previous one saved CSR).
You can create a new key with
openssl genrsa -out <private key file name> 2048
then generate CSR with:
openssl req -new -key <private key file name> -out <csr file name>
You save the key, send the CSR to the CA. When you return it, you will receive a certificate that, along with intermediate certificates and a private key, must be provided to the software you are using. In some cases they need to be in separate files, in others you can simply combine them into one file.
source to share
You don't need to convert CRT to PFX. You can convert CRT to CER and from there upload it to your certificate store.
- Right-click the CRT file and choose Open.
- Click on the Details tab.
- Click "Copy to file ..."
- Click Next.
- Select the "X.509 (.CER) Base-64 encoded" option and click Next.
- Give the export file a name (for example, "www.mysite.com-2019.cer") and click Save.
- Click Next.
- Confirm the details and click "Finish".
- Open IIS and go to the Server Certificates page.
- Click Finish Certificate Request (right).
- Select the new CER file, provide a friendly name of your choice (for example, "www.mysite.com-2019") and click "OK".
You should see a new certificate listed on the Server Certificates page under the Friendly Name you have chosen.
source to share