OpenSSL certificate creation and pem/cer output

Question

There are a few similar question here, but none of them answered my case. I am attempting to get an SSL certificate to work in CURL over HTTPS for a web service.

First, I created the csr

openssl req -newkey rsa:2048 -keyout myserver_private.key -out myserver_pkcs10.csr

I have both of these files on my linux box.

I sent the csr file to be signed by the web service and they sent back:

signingauthority_Root_CA.crt, myserver_pkcs10.csr, theirserver_CA.crt

For my curl_setopt($ch, CURLOPT_SSLCERT, "?.pem"); I now need the .pem file. How do I create this and from which file? theirserver_CA.crt?

Do I also need to use curl_setopt($ch, CURLOPT_CAINFO, "?.cer"); and if so, how do I create this .cer file? Is this the intermediary aka signing authority?

Answer 1

Open the *.crt files with a text editor. If they are PEM, they wil contain blocks of Base64 text delimited with -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----.

If that's the case, simply rename the file.

If the file is a binary file it is DER. To convert to Base64 (PEM) use:

openssl x509 -in <DER filename> -outform PEM -out <PEM filename>

The CURLOPT_CAINFO will be theirserver_CA.crt

I'd have thought the CA would have sent back myserver.crt too, which would be used for CURLOPT_SSLCERT.

Use:

openssl x509 -noout -subject -issuer -in <PEM file>

to view the subject and issuer of each certificate in order to work out what you've been sent.