What is .crt and .key files and how to generate them?
I've the following configuration:
SSLEngine on
SSLCertificateFile /etc/httpd/conf/login.domain.com.crt
SSLCertificateKeyFile /etc/httpd/conf/login.domain.com.key
SSLCipherSuite ALL:-ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
but I don't know how to generate .crt
and .key
files.
Solution 1:
crt and key files represent both parts of a certificate, key being the private key to the certificate and crt being the signed certificate.
It's only one of the ways to generate certs, another way would be having both inside a pem file or another in a p12 container.
You have several ways to generate those files, if you want to self-sign the certificate you can just issue this commands
openssl genrsa 2048 > host.key
chmod 400 host.key
openssl req -new -x509 -nodes -sha256 -days 365 -key host.key -out host.cert
Note that with self-signed certificates your browser will warn you that the certificate is not "trusted" because it hasn't been signed by a certification authority that is in the trust list of your browser.
From there onwards you can either generate your own chain of trust by making your CA or buy a certificate from a company like Verisign or Thawte.
Solution 2:
These are the public (.crt) and private (.key) parts of an SSL certificate. See this question for a plethora of relevant information, e.g. if you want to generate a cert yourself, or buy one.