.key and .crt SSL files for the Snapt Aria Website Accelerator
  • 28 Dec 2021
  • 1 Minute to read
  • Dark
    Light

.key and .crt SSL files for the Snapt Aria Website Accelerator

  • Dark
    Light

The Snapt Aria Web Accelerator requires a separate .key file and then your regular .crt file.

The key is a standard RSA key file in plain text and should look like this –

-----BEGIN RSA PRIVATE KEY----- 

(REQUIRED: Your Private Key: example.key) 

-----END RSA PRIVATE KEY-----

The .crt contains the certificate your certificate authority gave you and any intermediaries they might require one after the other as shown below —

-----BEGIN CERTIFICATE----- 

(REQUIRED: Your Primary SSL certificate: example.crt) 

-----END CERTIFICATE----- 

-----BEGIN CERTIFICATE----- 

(OPTIONALLY: Your Intermediate certificate: NetworkSolutions_CA.crt) 

-----END CERTIFICATE----- 

-----BEGIN CERTIFICATE----- 

(OPTIONALLY: Your Root certificate: TrustedRoot.crt) 

-----END CERTIFICATE-----

Self Signed Certificate – Using Openssl – for development purposes

The following command can be used to generate a key file and a self-signed certificate:

openssl req -x509 -newkey rsa:4096 -sha256 -keyout private_key.key -out server_cert.crt -days 365 -subj '/CN=linux-server' -nodes
  • -nodes – refers to no DES ( Data Encryption Standard) – key file produced will not be encrypted.
  • -subj "/C=US/ST=Oregon/L=Portland/O=Company Name/OU=Org/CN=www.example.com" - include this option to avoid being prompted for information during key and certificate creation. Useful for generating keys and certificates during automated processes.
  • -sha256 – includes the option to use the SHA-2 hash algorithm

For more advanced options, like specifying subject alternative DNS names and IP,
the following command can be used:

openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes \ -keyout example.key -out example.crt -extensions san -config \ <(echo "[req]"; echo distinguished_name=req; echo "[san]"; echo subjectAltName=DNS:sample.com,DNS:sample.net,IP:172.0.10.1) -subj /CN=example.com

An alternative way to specify advanced configuration options is by using a
config file. The config included in the CLI command above is put in a file as
follows:

[req] 

distinguished_name=req 

[san] 

subjectAltName=DNS:sample.com,DNS:sample.net,IP:172.0.10.1

The filename is then included in the CLI command as shown below:

openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes -keyout example.key -out example.crt -extensions san -config config.test -subj/CN=example.com

The generated key and certificates files can then be upload for use by the Snapt Aria
Web Accelerator.

You can test your SSL install with our free tool.