1. Home
  2. Accelerator
  3. .key and .crt SSL files for the Accelerator
  1. Home
  2. Misc
  3. .key and .crt SSL files for the Accelerator

.key and .crt SSL files for the Accelerator

The Snapt Web Accelerator requires a separate .key file and then your regular .crt file.

The key is a standard RSA key file in plain text and should look like this –

-----BEGIN RSA PRIVATE KEY-----

(REQUIRED: Your Private Key: example.key)

-----END RSA PRIVATE KEY-----

The .crt contains the certificate your certificate authority gave you and any intermediaries they might require one after the other as shown below —

-----BEGIN CERTIFICATE-----

(REQUIRED: Your Primary SSL certificate: example.crt)

-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----

(OPTIONALLY: Your Intermediate certificate: NetworkSolutions_CA.crt)

-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----

(OPTIONALLY: Your Root certificate: TrustedRoot.crt)

-----END CERTIFICATE-----


Self Signed Certificate – Using Openssl – for development purposes

The following command can be used to generate a key file and a self-signed certificate:
openssl req -x509 -newkey rsa:4096 -sha256 -keyout private_key.key -out server_cert.crt -days 365 -subj '/CN=linux-server' -nodes
  • -nodes – refers to no DES ( Data Encryption Standard) – key file produced will not be encrypted.
  • -subj “/C=US/ST=Oregon/L=Portland/O=Company Name/OU=Org/CN=www.example.com” – include this option to avoid being prompted for information during key and certificate creation. Useful for generating keys and certificates during automated processes.
  • -sha256 – includes the option to use the SHA-2 hash algorithm
For more advanced options, like specifying subject alternative DNS names and IP,
the following command can be used:
openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes \

-keyout example.key -out example.crt -extensions san -config \

<(echo "[req]";

echo distinguished_name=req;

echo "[san]";

echo subjectAltName=DNS:sample.com,DNS:sample.net,IP:172.0.10.1) -subj /CN=example.com
An alternative way to specify advanced configuration options is by using a
config file. The config included in the CLI command above is put in a file as
follows:
[req]

distinguished_name=req

[san]

subjectAltName=DNS:sample.com,DNS:sample.net,IP:172.0.10.1

The filename is then included in the CLI command as shown below:
openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes -keyout example.key -out example.crt -extensions san -config config.test -subj/CN=example.com
The generated key and certificates files can then be upload for use by the Snapt

You can test your SSL install with our free tool.

Updated on July 19, 2019


Was this article helpful?

Related Articles