How to Create a CRT File on Linux

If you want to learn how to create a CRT file on Linux to check certificate validity during the testing phase or for internal usage, you have come to the right place. Continue reading the article to find out more.

A file with the .crt extension is a security certificate that a website's server presents so that clients can build a secure connection with it. That secure connection allows websites to send sensitive data over the internet. Sensitive data may include user credentials, payment details, bank transactions, etc.

In this article, we will explain how to create self-signed CRT certificates using the OpenSSL tool in Linux. So, let’s get started. 

Difference Between Self-Signed Certificates and CA-Signed Certificates

A self-signed certificate is a certificate signed by the user who created it. A CA-signed certificate, on the other hand, is signed by an external certificate authority (CA), and web browsers trust certificates signed by an external authority. This is because those certificates are verified by authorities such as Let's Encrypt, DigiCert, and GlobalSign.

Signing authorities do not verify self-signed certificates, so clients do not trust them. However, using a self-signed certificate for development and testing purposes is acceptable.

Prerequisites

For this tutorial, ensure that you have the OpenSSL tool installed on your Linux machine. In addition, this tutorial requires root access or sudo privileges on your account.

How to Create a CRT File on Linux

This tutorial will first cover CRT certificate generation. Then we will discuss how to use it in Linux.

Verify the OpenSSL Version

First, open the terminal by pressing “Ctrl + Alt + T”. Check for the OpenSSL version by typing the command given below:

openssl version

The command prints the installed OpenSSL version.

If the OpenSSL tool is not installed, install it by executing the commands given below:

sudo apt-get update -qq
sudo apt-get install -y openssl

Generate an RSA Private Key File

Now that OpenSSL is installed, generate a private key on your Linux machine with the openssl genrsa command:

# Unencrypted 2048-bit key; the remaining steps use this file
openssl genrsa -out private.key 2048
# Alternative: 3DES-encrypted key; pass:x sets the passphrase to the literal "x", so choose your own
openssl genrsa -des3 -passout pass:x -out keypair.key 2048

The command generates a private SSL key using the RSA algorithm.

Create a Certificate Signing Request (CSR) File

In this step, we will use the generated private key to create a certificate signing request, which we will later turn into a CRT file. The request file gets the .csr extension.

Input:

openssl req -new -key private.key -out request.csr

The command will prompt you to enter information such as country name, state, etc. Press the “Enter” key to skip entering the information. However, it is better to provide the correct information in this process.

Once you have generated the .csr file, you can check it by executing the command given below:

ls request.csr


Create a CRT Certificate on Linux

Now, to create the CRT certificate using the .csr file, execute the command given below:

openssl x509 -req -days 365 -in request.csr -signkey private.key -out certificate.crt

On success, the command writes the self-signed certificate to certificate.crt.

Verify the CRT File on Linux

To check whether the file has been created successfully or not, use the cat command. For example, type:

cat certificate.crt

The output shows the certificate content.

Alternatively, use the find command to find the file. If the file exists, it will appear. Specifically, type:

find . -name certificate.crt -print

You can also use the locate command as shown below. locate searches a prebuilt index, so a file created a moment ago appears only after the index has been refreshed (sudo updatedb):

locate certificate.crt

Finally, you have successfully generated the CRT certificate. Make sure to back up the key to external storage to keep it safe.
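The cat and find commands above only show that the file exists. The following added example (not part of the original tutorial) repeats the three generation steps without prompts in a temporary directory and then checks what matters for the certificate: that it belongs to the private key, that issuer and subject are identical, and how long it stays valid. The function names and the name test.internal are assumptions made for this example.

```sh
#!/bin/sh
# Added example: checks on the tutorial's output files that cat and find cannot give.

# Repeat the tutorial's three steps without prompts. $1 = directory, $2 = common name.
make_test_cert() {
    openssl genrsa -out "$1/private.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/private.key" -subj "/CN=$2" -out "$1/request.csr" &&
    openssl x509 -req -days 365 -in "$1/request.csr" \
        -signkey "$1/private.key" -out "$1/certificate.crt" 2>/dev/null
}

# Succeeds only when the certificate carries the public half of the given key.
# Returns 2 when either file cannot be parsed.
cert_matches_key() {  # $1 = certificate, $2 = private key
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Succeeds when issuer and subject are identical, as in a self-signed certificate.
is_self_issued() {  # $1 = certificate
    subj=$(openssl x509 -in "$1" -noout -subject 2>/dev/null) || return 2
    issr=$(openssl x509 -in "$1" -noout -issuer 2>/dev/null) || return 2
    [ "${subj#subject=}" = "${issr#issuer=}" ]
}

# Succeeds when the certificate is still valid $2 days from now.
valid_for_days() {  # $1 = certificate, $2 = days
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Demo on a throwaway certificate (test.internal is a constructed name).
work=$(mktemp -d)
make_test_cert "$work" test.internal
cert_matches_key "$work/certificate.crt" "$work/private.key" && echo "key and certificate match"
is_self_issued "$work/certificate.crt" && echo "self-signed: issuer equals subject"
valid_for_days "$work/certificate.crt" 30 || echo "expires within 30 days"
rm -rf "$work"
```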

Configure the Server to Use the Certificate Files

Now that we’ve created the certificate, we can test it on the server. The yum command and the /etc/httpd paths used below apply to RHEL-based distributions running Apache. First, install the mod_ssl package. Specifically, input:

sudo yum install mod_ssl

Wait for the installation to complete. Then place the ssl.conf file in the /etc/httpd/conf.d/ directory and open it using your preferred text editor:

#vim editor
sudo vi /etc/httpd/conf.d/ssl.conf
#nano
sudo nano /etc/httpd/conf.d/ssl.conf

Scroll down until you find the following line:

SSLCertificateFile

Update the path with the path to your certificate file. Press “Ctrl + S” to save and exit the editor. Now, restart the Apache server using the restart command:

sudo apachectl restart

Now, the next time you connect to your IP Address via HTTPS, you will get a warning that your certificate is not trusted. 

And you’re done! When Apache restarts, it will be configured to allow SSL connections by using the generated self-signed SSL certificates.
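Before restarting Apache it helps to confirm that ssl.conf points at files that exist and that the private key is not readable by other accounts. The following added example (not part of the original tutorial) reads the SSLCertificateFile directive mentioned above together with Apache's companion SSLCertificateKeyFile directive, which names the private key. The function name check_ssl_conf and the sample config are assumptions made for this example.

```sh
#!/bin/sh
# Added example: reports problems with the certificate directives in an Apache
# ssl.conf. Prints one line per finding and returns the number of findings.
check_ssl_conf() {  # $1 = path to ssl.conf
    findings=0
    for directive in SSLCertificateFile SSLCertificateKeyFile; do
        # Commented-out lines never match; the last active occurrence wins.
        target=$(awk -v d="$directive" \
            '$1 == d { p = $2; gsub(/"/, "", p) } END { print p }' "$1")
        if [ -z "$target" ]; then
            echo "$directive is not set"
            findings=$((findings + 1))
        elif [ ! -r "$target" ]; then
            echo "$directive points to unreadable file $target"
            findings=$((findings + 1))
        elif [ "$directive" = SSLCertificateKeyFile ]; then
            # Mode string: type, 3 owner bits, then group/other bits must be empty.
            case $(ls -ldL "$target") in
                ????------*) ;;
                *) echo "private key $target is accessible to group or others"
                   findings=$((findings + 1)) ;;
            esac
        fi
    done
    return "$findings"
}

# Demo on a constructed config that sets the certificate but not the key.
demo=$(mktemp -d)
: > "$demo/certificate.crt"
printf 'SSLEngine on\nSSLCertificateFile %s\n' "$demo/certificate.crt" > "$demo/ssl.conf"
check_ssl_conf "$demo/ssl.conf" || echo "findings: $?"
rm -rf "$demo"
```

On a real server, run it as `check_ssl_conf /etc/httpd/conf.d/ssl.conf` with enough privileges to read the key file.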

In this article, we have looked at the certificate (.crt) and private key (.key) files that are essential for setting up an HTTPS server. In addition, we also discussed the difference between certificates signed by an external authority and self-signed certificates.

Lastly, we generated the CRT certificates and used them with the Apache server. 
