Godaddy Certificate must be converted into X.509 PEM format

Hi, I need a conversion tool for my standard crt certificate from GoDaddy.  A simple google query just created more questions than answers.  Please assist
LVL 1
snoopaloopAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

David Johnson, CD, MVPOwnerCommented:
either use openssl or https://www.sslshopper.com/ssl-converter.html to convert the certificate
Dave HoweSoftware and Hardware EngineerCommented:
It probably already is.

if you edit the cert file in notepad and it says -----BEGIN CERTIFICATE----- at the top, it's in PEM format already, job done :D

if it isn't, just double click it, Go to the details tab, and select "copy to file" - specify Base-64 encoded when asked for a selection, and it will save it in PEM for you.
btanExec ConsultantCommented:
First off, I suggest check the .CRT if it is encoded in binary DER or as ASCII PEM. If it is in the former, then you need to convert to the latter (intended) ASCII PEM form. The steps shared in http://info.ssl.com/article.aspx?id=12149

Eventually the ASCII PEM is as shared by experts on the Base64 formatted content and with the appropriate hdr and footer for those content. Specific to GoDaddy, maybe you can catch this to eventually have each PEM generated manually (after using the Openssl) into a single combined PEM for the domain and bundled certificates http://community.sophos.com/t5/Sophos-gateway-protection/OpenSSL-Guide-to-convert-and-install-certificates-on-an-email/td-p/50454
Active Protection takes the fight to cryptojacking

While there were several headline-grabbing ransomware attacks during in 2017, another big threat started appearing at the same time that didn’t get the same coverage – illicit cryptomining.

snoopaloopAuthor Commented:
@David Johnson - I'm new to this.   I went to the link but it's not clear what options I choose.
Capture.JPG
snoopaloopAuthor Commented:
@Dave Howe  -   The certificate contains begin certificate and end...
snoopaloopAuthor Commented:
I'm not sure why the Synology Diskstation does not accept the certificate if it is in the correct format.
btanExec ConsultantCommented:
So it is already in PEM format, try to strip all the text before "-----BEGIN CERTIFICATE-----" in the pem/crt file before importing it.

Regardless, also need to ensure the .key and the PEM crt are referred correctly as they are a pair of private and public keys e.g.  ssl.crt (containing the public certificate for your host and of GoDaddy CA) and the private key of your host (inside the ssl.key)
---
About importing certificate:
If you have a certificate issued by the trusted Certificate Authority (CA), please click Import Certificate to upload your own certificate and private key in order to host a valid SSL server. The certificate should match the private key. Please keep your private key safely.
---
Dave HoweSoftware and Hardware EngineerCommented:
Where was the CSR created? if it wasn't on the final destination, then presumably you also need to obtain the private key (from wherever you generated the CSR) and convert that to PEM too...
snoopaloopAuthor Commented:
Sorry, I've been unable to get access to the computer with the  certificate.  I will try again this week.
snoopaloopAuthor Commented:
CSR was generated by the Synology box.  No text before  "Begin certificate"
GoDaddy1.JPG
Synology1.JPG
snoopaloopAuthor Commented:
Attached is the synology interface...
synology2.JPG
David Johnson, CD, MVPOwnerCommented:
you also need the godaddy root and intermediate certificates to be installed.
snoopaloopAuthor Commented:
That does not look like it was included in the godaddy1.jpg that I downloaded from Godaddy.   Nor will the current one showing in that same attachment, process correctly when I upload.
btanExec ConsultantCommented:
Probably let checks all the steps in which any missing to stay in sync on the below. Note the import cert is as below. Indeed they are the .key and gd issued crt, and you need the gd1 intermediate bundle.
On the Import Certificate screen, click browse and import the following files.
Private Key: Select the server.key file that you saved on your computer earlier
Certificate: Select the signed certificate that you received from the certificate authority. The file name should be something like server.crt or yourdomainname.crt.
Intermediate Certificate: This field is optional. If the certificate authority provided an intermediate certificate, please import it here
https://www.synology.com/en-us/knowledgebase/tutorials/611

Get the CSR
1.      Download server.csr to your computer.
2.      Open server.csr with text editor and copy the text

Obtain a Certificate

Take the CSR to a Certificate Authority (CA) such as Godaddy.
Purchase a SSL Certificate (CRT).
Request or generate the CRT; you will need your CSR.
Godaddy requires that you request the CRT and will prompt you for your CSR. Paste in the text from the server.csr Godaddy has a certificate manager page when you log in to your account on their website.
Download the CRT. You may receive some additional files, but the CRT is the one that you really need.
The files may be zipped. If so, expand the files.

Download the server.key you created earlier to you computer.

Log in to DSM->Control Panel->DSM Settings->HTTP Service Tab
Click enable HTTPS connection
Click import certificate
Private key enter location of server.key
Certificate enter location of domain.crt you received from GoDaddy
Intermediate certificate enter location of the gd_bundle.crt you received from GoDaddy
Click OK
Click Apply

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
snoopaloopAuthor Commented:
Awesome!  THat worked!!!
GoDaddy4.JPG
snoopaloopAuthor Commented:
Very complete answer.  Thank you!!
snoopaloopAuthor Commented:
Hey, why do I still get a prompt from chrome saying this is not a secure site even with the certificate?
btanExec ConsultantCommented:
there is recent chrome update on SSL cert support SHA will have warning
http://googleonlinesecurity.blogspot.sg/2014/09/gradually-sunsetting-sha-1.html
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SSL / HTTPS

From novice to tech pro — start learning today.