nginx ssl setup : .crt -> .p12 -> .pem + .key

The initial .crt file can be converted to .p12 format with Portecle, a nice open source app. By the way, Portecle seems to be more convenient than keytool and a couple of other tools.

Then you'd better transfer that file to your target server. You must have openssl installed there, since the next commands use it.
Run these commands (replace zzz with your own file name, of course) to get the key and pem files for nginx HTTPS:
openssl pkcs12 -nokeys -in zzz.p12 -out zzz.pem
openssl pkcs12 -nocerts -nodes -in zzz.p12 -out zzz.key

Please note that the key is not encrypted (that is what -nodes does), so beware (and that's another reason to transfer the .p12 to your target server beforehand).

UPD: Well, those commands dump the certificate chain in random order. I was able to use encryption via Firefox, but Java SSE did not validate the certificate chain and refused to connect. You'll have to rearrange the raw text certificates in the .pem file for SSL to work.
