Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Do I need to convert .CER to .CRT for Apache SSL certificates? If so, how?

Tags:

ssl

apache

People also ask

What is cer format in certificate?

What is a CER file? A file with an extension .cer is responsible for storing some information about the owner certificate and the specific public key. This format of files cannot store the private keys and have the capacity to store only one certificate which is x509.

File extensions for cryptographic certificates aren't really as standardized as you'd expect. Windows by default treats double-clicking a .crt file as a request to import the certificate into the Windows Root Certificate store, but treats a .cer file as a request just to view the certificate. So, they're different in the sense that Windows has some inherent different meaning for what happens when you double click each type of file.

But the way that Windows handles them when you double-click them is about the only difference between the two. Both extensions just represent that it contains a public certificate. You can rename a certificate file to use one extension in place of the other in any system or configuration file that I've seen. And on non-Windows platforms (and even on Windows), people aren't particularly careful about which extension they use, and treat them both interchangeably, as there's no difference between them as long as the contents of the file are correct.

Making things more confusing is that there are two standard ways of storing certificate data in a file: One is a "binary" X.509 encoding, and the other is a "text" base64 encoding that usually starts with "-----BEGIN CERTIFICATE-----". These encode the same data but in different ways. Most systems accept both formats, but, if you need to, you can convert one to the other via openssl or other tools. The encoding within a certificate file is really independent of which extension somebody gave the file.


Basically there are two CER certificate encoding types, DER and Base64. When type DER returns an error loading certificate (asn1 encoding routines), try the PEM and it shall work.

openssl x509 -inform DER -in certificate.cer -out certificate.crt

openssl x509 -inform PEM -in certificate.cer -out certificate.crt


According to documentation mod_ssl:

SSLCertificateFile: 
   Name: SSLCertificateFile
   Description: Server PEM-encoded X.509 certificate file

Certificate file should be PEM-encoded X.509 Certificate file:

openssl x509 -inform DER -in certificate.cer -out certificate.pem

CER is an X.509 certificate in binary form, DER encoded.
CRT is a binary X.509 certificate, encapsulated in text (base-64) encoding.

It is not the same encoding.

Related questions

error_log per Virtual Host?
How to change port number for apache in WAMP
Apache shows PHP code instead of executing it
Apache VirtualHost 403 Forbidden
How to enable local network users to access my WAMP sites?
How to check what user php is running as?
Laravel blank white screen
What exactly is a pre-fork web server model?
WAMP/XAMPP is responding very slow over localhost
Does PHP have threading?
Understanding Apache's access log
deny direct access to a folder and file by htaccess
Error during SSL Handshake with remote server
Internal Error 500 Apache, but nothing in the logs?
How to change XAMPP apache server port?
How can I force users to access my page over HTTPS instead of HTTP?
How to change the default encoding to UTF-8 for Apache
Chrome net::ERR_INCOMPLETE_CHUNKED_ENCODING error
How to debug an apache virtual host configuration?
How to prevent http file caching in Apache httpd (MAMP)

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!