PEM文件是用于证书安装的证书容器,常用于导入多个构成完整链的证书。它包括可能包含私钥、公钥和根证书的层叠证书。本文介绍了如何使用openssl命令创建自签名PEM文件,以及如何从现有证书文件中构建PEM文件链,包括移除私钥密码和合并不同层级的证书。
Privacy Enhanced Mail (PEM) files are concatenated certificate containers frequently used in certificate installations when multiple certificates that form a complete chain are being imported as a single file. They are a defined standard in RFCs 1421 through 1424. They can be thought of as a layered container of chained certificates. A .pem file is a container format that may just include the public certificate or the entire certificate chain (private key, public key, root certificates):
- Private Key
- Server Certificate (crt, puplic key)
- (optional) Intermediate CA and/or bundles if signed by a 3rd party
How to create a self-signed PEM file
openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout key.pem -out cert.pemHow to create a PEM file from existing certificate files that form a chain
- (optional) Remove the password from the Private Key by following the steps listed below:
Note: Enter the pass phrase of the Private Key.openssl rsa -in server.key -out nopassword.key
- Combine the private key, public certificate and any 3rd party intermediate certificate files:
Note: Repeat this step as needed for third-party certificate chain files, bundles, etc:cat nopassword.key > server.pem cat server.crt >> server.pemcat intermediate.crt >> server.pem
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
