What is .crt and .key files and how to generate them?

crt and key files represent both parts of a certificate, key being the private key to the certificate and crt being the signed certificate.

It’s only one of the ways to generate certs, another way would be having both inside a pem file or another in a p12 container.

You have several ways to generate those files, if you want to self-sign the certificate you can just issue this commands

openssl genrsa 2048 > host.key
chmod 400 host.key
openssl req -new -x509 -nodes -sha256 -days 365 -key host.key -out host.cert

Note that with self-signed certificates your browser will warn you that the certificate is not “trusted” because it hasn’t been signed by a certification authority that is in the trust list of your browser.

From there onwards you can either generate your own chain of trust by making your CA or buy a certificate from a company like Verisign or Thawte.

Leave a Comment