如何将.pem 转换成.key?

我已经购买了 SSL 证书,我已经收到证书和一个。作为私钥的 pem 文件?从供应商,现在我需要转换这个。把 Pem 键插入。比特纳米红雷 Apache HTTP Server 的钥匙。

我怎么去做这个什么程序或命令来做这个?我是一个新手在使用 Opensl 等做到这一点。

如有任何建议,我将不胜感激!

谢谢你。

333667 次浏览
小开

I assume you want the DER encoded version of your PEM private key.

openssl rsa -outform der -in private.pem -out private.key
小开

If you're looking for a file to use in httpd-ssl.conf as a value for SSLCertificateKeyFile, a PEM file should work just fine.

See this SO question/answer for more details on the SSL options in that file.

Why is SSLCertificateKeyFile needed for Apache?

小开

CA's don't ask for your private keys! They only asks for CSR to issue a certificate for you.

If they have your private key, it's possible that your SSL certificate will be compromised and end up being revoked.

Your .key file is generated during CSR generation and, most probably, it's somewhere on your PC where you generated the CSR.

That's why private key is called "Private" - because nobody can have that file except you.

小开 
openssl x509 -outform der -in your-cert.pem -out your-cert.crt
小开

openssl rsa -in privkey.pem -out private.key does the job.

小开

just as a .crt file is in .pem format, a .key file is also stored in .pem format. Assuming that the cert is the only thing in the .crt file (there may be root certs in there), you can just change the name to .pem. The same goes for a .key file. Which means of course that you can rename the .pem file to .key.

Which makes gtrig's answer the correct one. I just thought I'd explain why.


提交答案