What are .crt and .key files, and how do I generate them?

I have the following configuration:

SSLEngine on
SSLCertificateFile /etc/httpd/conf/login.domain.com.crt
SSLCertificateKeyFile /etc/httpd/conf/login.domain.com.key
SSLCipherSuite ALL:-ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

but I don't know how to generate .crt and .key files.


Solution 1:

crt and key files represent both parts of a certificate, key being the private key to the certificate and crt being the signed certificate.

It's only one of the ways to generate certs; another way would be having both inside a pem file, or another in a p12 container.

You have several ways to generate those files. If you want to self-sign the certificate, you can just issue these commands:

openssl genrsa 2048 > host.key
chmod 400 host.key
openssl req -new -x509 -nodes -sha256 -days 365 -key host.key -out host.cert

Note that with self-signed certificates your browser will warn you that the certificate is not "trusted" because it hasn't been signed by a certification authority that is in the trust list of your browser.

From there onwards you can either generate your own chain of trust by making your CA or buy a certificate from a company like Verisign or Thawte.
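
An added example, not part of either answer: the same self-signed generation written non-interactively, followed by the checks worth running before pointing SSLCertificateFile and SSLCertificateKeyFile at the results (the certificate and key really are a pair, and the key is readable by its owner only). The function names are hypothetical and the file names are assumed from the question's configuration.

```shell
#!/bin/sh
# Added example (not from the original answers). The hostname and file names
# follow the question's Apache config; the function names are hypothetical.

# Create <dir>/<host>.key and a self-signed <dir>/<host>.crt.
gen_selfsigned() {
    host=$1 dir=$2
    # umask 077: the private key is never readable by other users, even
    # in the window before chmod runs.
    ( umask 077 && openssl genrsa -out "$dir/$host.key" 2048 ) 2>/dev/null || return 1
    chmod 400 "$dir/$host.key"
    # -subj avoids the interactive prompts; the subjectAltName entry is
    # what current browsers match the hostname against (OpenSSL 1.1.1+).
    openssl req -new -x509 -sha256 -days 365 -key "$dir/$host.key" \
        -subj "/CN=$host" -addext "subjectAltName=DNS:$host" \
        -out "$dir/$host.crt"
}

# SHA-256 of the DER-encoded public key inside a certificate / private key.
crt_pubkey_fp() {
    openssl x509 -in "$1" -noout -pubkey | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}
key_pubkey_fp() {
    openssl pkey -in "$1" -pubout -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# Succeeds only when the .crt was issued for the public half of the .key.
pair_matches() {
    c=$(crt_pubkey_fp "$1" 2>/dev/null); k=$(key_pubkey_fp "$2" 2>/dev/null)
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Succeeds only when the key file grants nothing to group or other.
key_is_private() {
    case $(ls -ld "$1") in
        -r[w-]-------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Demo in a throwaway directory (constructed input).
demo=$(mktemp -d) && gen_selfsigned login.domain.com "$demo" &&
    pair_matches "$demo/login.domain.com.crt" "$demo/login.domain.com.key" &&
    key_is_private "$demo/login.domain.com.key" &&
    echo "certificate and key match; key is owner-only"
rm -rf "$demo"
```

A failing pair_matches is the same condition Apache rejects at startup when the configured .crt and .key do not belong together.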

Solution 2:

These are the public (.crt) and private (.key) parts of an SSL certificate. See this question for a plethora of relevant information, e.g. if you want to generate a cert yourself, or buy one.