How to generate a .crt file?

  • Thread starter Thread starter Jeremy
  • Start date Start date
J

Jeremy

Hi,

I'm having difficulty importing a certificate signed by my Windows
2003 Enterprise Root CA into an Apache (OpenSSL) web server.

I have followed the standard procedures for securing IIS, however the
OpenSSL web server only accepts a .crt file, but the downloaded
certificate generated by the Windows 2003 Certificate Server is a .cer
file.

No matter what I do, I cannot get Certificate Services to generate a
file with a .crt file extension.

Can I simply rename the .cer to a .crt, or is this completely
incompatible?

The developer that supplied the application (web server) says that
"You would specify that you would like to recieve the signed
certificate in Apache format (OpenSSL)." I didn't know there were
different formats. There is certainly no way of telling Certificate
Services of this. I would assume that the Web Server certificate
template, within Certificate Services, provides an industry standard
certificate.

I would appreciate any advice.

Thanks,
Jeremy.
 
what encoding format do you need on the OpenSSL server? you should be able
to just rename the file to *.crt.
 
Hi,

I'm having difficulty importing a certificate signed by my Windows
2003 Enterprise Root CA into an Apache (OpenSSL) web server.

I have followed the standard procedures for securing IIS, however the
OpenSSL web server only accepts a .crt file, but the downloaded
certificate generated by the Windows 2003 Certificate Server is a .cer
file.

No matter what I do, I cannot get Certificate Services to generate a
file with a .crt file extension.

Can I simply rename the .cer to a .crt, or is this completely
incompatible?

The developer that supplied the application (web server) says that
"You would specify that you would like to recieve the signed
certificate in Apache format (OpenSSL)." I didn't know there were
different formats. There is certainly no way of telling Certificate
Services of this. I would assume that the Web Server certificate
template, within Certificate Services, provides an industry standard
certificate.

I would appreciate any advice.

Thanks,
Jeremy.
Click to expand...
Jeremy,

Based on previous experience, you need to ensure that you export the
issued certificate as a base-64 certificate, and then, as recommended by
David, simply rename the file to *.crt).

What the developer is talking about is how to designate the required
certificate to a commercial CA such as Verisign.

Brian
 
Thanks for that great information David and Brian.

I reissued the certificate as Base 64 encoded, rather than DER
encoded, and then renamed the extension to .crt, and it worked a
treat.

Cheers,
Jeremy.
 
Back
Top