Sometimes, some SSL authorities deliver certificate in .crt format but we need in .pem format – like in case of Rackspace Load Balancers. Right now, the reason to get mad with SSL Certificate is upcoming HTTP 2.0 protocol. Performing a search about SSL performing a on this website can help you to learn what possibly you need to know. For server only; reading guides like how to Install Comodo SSL Certificate on Rackspace Cloud Server will work fine. But for loadbalancers on Rackspace, we only need to copy paste the certificates. One is the Private Key and the other is the stuff what you have paid for – SSL certificate in .pem format.
What You Need To Know Before How To Convert SSL .crt Certificate to .pem
PEM is the abbreviation of Privacy-enhanced Electronic Mail. PEM is an IETF proposed for Privacy Protection. Sometimes, to save money, the Certificate Authorities even do not add the certificate as attachment but only sends the certificate in this way at the end of the email :
letters and digits
It is difficult to say whether that is a
.pem file or not. Obviously, renaming
.crt file to
.pem or vice versa will not work. There are online tools to check, mostly these are
.crt. Also if nothing written, you copy paste the whole code as plain text and can save them as various extensions and test in this way :
openssl x509 -in your-domain.pem -text -noout
openssl x509 -in your-domain.cer -text -noout
openssl x509 -in your-domain.crt -text -noout
Proper format will give you the right info without any error.
How To Convert SSL .crt Certificate to .pem
You can convert on your Mac, GNU Linux computer or on Server after doing SSH. Just make sure that; the folder contains all the files you used to generate the CSR file – the private key, the .crt file and if more things are there, although we will not need all.
cd to that directory. This old set of command, possibly does not work anymore :
openssl x509 -in hostname.crt -inform DER -out hostname.crt.pem -outform PEM
openssl rya -in hostname.key -out hostname.key.pem -outform PEM
But, this set will work :
openssl pkcs12 -export -in hostname.crt -inkey hsotname.key -out hostname.p12
openssl pkcs12 -in hostname.p12 -nodes -out hostname.pem
Actually we were working for a conversation, the above one is from a gist, who
discovered it is unknown (I copied in textedit and closed the windows). Documentation about pkcs will be available here :