Shulou(Shulou.com)06/01 Report--

SSL certificate suffix

Are you at a loss in the face of different suffix types of certificates? here is an introduction to several commonly used certificate suffix formats:

CSR-Certificate Signing Request, that is, certificate signing request, this is not a certificate, but a request to obtain a signing certificate from an authoritative certificate authority. Its core content is a public key (with some other information, of course). When generating this application, it will also generate a private key, which should be kept by yourself. Friends who have done iOS APP should know how to apply for a developer certificate from Apple.

KEY-usually used to hold an RSA public or private key, not an X.509 certificate, encoded the same, either PEM or DER.

CRT-CRT should be the three letters of certificate, in fact, it still means certificate. It is common in UNIX system. It may be PEM code, or DER code, and most of them should be PEM code. The CRT format provided by this site is equivalent to CER and PEM.

An acronym for PEM-Privacy Enhanced Mail, stored as text. Open and look at the text format with "--BEGIN..." At the beginning, "- END..." At the end, the content is BASE64 coding. View information about certificates in PEM format: openssl x509-in certificate.pem-text-noout Apache and * NIX servers prefer this encoding format.

CER-or certificate, or certificate, is common in Windows systems, similarly, it may be PEM coding, it may be DER coding, most of it should be DER coding.

DER-Distinguished Encoding Rules abbreviation, stored in binary format, the file structure can not be directly previewed, view the DER format certificate information: openssl x509-in certificate.der-inform der-text-noout Java and Windows servers prefer to use this encoding format.

PFX/P12-predecessor of PKCS#12, for Unix servers, the general CRT and KEY are stored separately in different files, but Windows's IIS stores them in a PFX file. (so this file contains certificates and private keys). Is that not secure? I don't think so. PFX usually has an "extract password". If you want to read out the contents, it requires you to provide the extraction password, DER code used by PFX, and how to convert PFX to PEM code?

JKS-that is, Java Key Storage, which is Java's patent, has little to do with OpenSSL. Using a tool called "keytool" from Java, you can convert PFX into JKS, and of course, keytool can also generate JKS directly.

GDCA (Digital Amplification Times) has independently issued the letter easy TrustAUTH SSL certificate and is an international well-known brand: GlobalSign, Symantec, GeoTrust SSL certificate domestic gold agents, to meet all kinds of users' various requirements for SSL, the majority of users can apply for the appropriate SSL certificate from GDCA according to their own needs, and the professional team of GDCA will provide you with the best HTTPS solution.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.