What is SSL Certificate ?
An SSL certificate is a digital certificate that authenticates the identity of a website and encrypts information sent to the server using SSL technology.
SSL stands for Secure Sockets Layer, and it is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browser remain private and secure.
SSL certificates are commonly used to secure online transactions such as online banking, online shopping, and online forms.
In this tutorial, we'll learn how to convert the .CRT file to PFX file.
Before that lets understand about the SSL certificate agenda, I have seen there are lot of people who gets confused a lot about certificate management in the real world.
First lets clarify this from scratch, and if you are still skeptical about the objective, please do not hesitate to comment below.
Lets understand why we need SSL, basically if you have a website or application you need to adhere to security standards.
Because if you are site is not SSL secured, then any attacker can hack your website in the middle when you are about to access from your local machine or from any device.
How to validate your site is secured or not, just visit any website on the browser, you could see a paddle lock icon which is assumed to be secure and your traffic is encrypted on this site, refer the below image.
SSL is always 443 (https) – which means your site is secured.
If the site is not secure,
then your site is not using any encryption and who ever use this site in this
manner then hackers can easily capture your details like username and password
or anything.
To make it working you need
either buy a ssl certificate from a third party or create you own self signed
certificate.
Lets assume that you applied
to get a ssl certificate for your website (www.xyzmaths.com) to any third party ssl issuer. For an example
it can be go daddy, digitcert, cloudflare.
You need to first fill out the CSR(Cerificate signing request) file for your website, it will have CN, state,organization name etc.
Comman Name (CN) – Should be
the FQDN of your site, which is in our case (www.xyzmaths.com) , When you are generating the CSR file with all
the required information, the server where you are generating the CSR will
create a private key file and gets stored in your system locally.
The private key file is the predominant file which is required to decrypt the traffic on the website.
Once you generate the CSR and submit to the SSL issuer, the issuer will sign the certificate and give it you by attaching the ROOT CA.
ROOT CA is nothing but which check your site and whether it is adhering to the security needs are not and sign them.
Now the third party Digi cert will add the ROOT CA certificate along with your public certificate file (which you need to place it on your server)
This public certificate file will hold the ceritificate of your website (www.xyzmaths.com) and root CA (DigiCert global root)
The CRT file is signed the issuer and binded with the digicert root CA and it is send through email.
You can see how it is binded by going to the cerificate path on the properties as shown below.
Save the root ca file in .crt
format, check the highlight path in the below image.
Now we will create the PFX
file out of the (www.xyzmaths.crt ) CRT file by using the below openssl commands.open
If you have linux machine
openssl is auto installed by default. If you have windows then follow below
instructions.
Go to below site and select
win 64 openssl EXE
https://slproweb.com/products/Win32OpenSSL.html
After that, search for open
ssl on your windows search and hit win64 openssl command prompt.
Command:
pkcs12 -export -out xyzmaths.pfx -inkey myprivatekey.txt -in www.xyzmaths.crt -certfile digicert.crt
0 Comments