Link to home
Start Free TrialLog in
Avatar of snoopaloop
snoopaloopFlag for United States of America

asked on

Godaddy Certificate must be converted into X.509 PEM format

Hi, I need a conversion tool for my standard crt certificate from GoDaddy.  A simple google query just created more questions than answers.  Please assist
Avatar of David Johnson, CD
David Johnson, CD
Flag of Canada image

either use openssl or https://www.sslshopper.com/ssl-converter.html to convert the certificate
It probably already is.

if you edit the cert file in notepad and it says -----BEGIN CERTIFICATE----- at the top, it's in PEM format already, job done :D

if it isn't, just double click it, Go to the details tab, and select "copy to file" - specify Base-64 encoded when asked for a selection, and it will save it in PEM for you.
Avatar of btan
btan

First off, I suggest check the .CRT if it is encoded in binary DER or as ASCII PEM. If it is in the former, then you need to convert to the latter (intended) ASCII PEM form. The steps shared in http://info.ssl.com/article.aspx?id=12149

Eventually the ASCII PEM is as shared by experts on the Base64 formatted content and with the appropriate hdr and footer for those content. Specific to GoDaddy, maybe you can catch this to eventually have each PEM generated manually (after using the Openssl) into a single combined PEM for the domain and bundled certificates http://community.sophos.com/t5/Sophos-gateway-protection/OpenSSL-Guide-to-convert-and-install-certificates-on-an-email/td-p/50454
Avatar of snoopaloop

ASKER

@David Johnson - I'm new to this.   I went to the link but it's not clear what options I choose.
Capture.JPG
@Dave Howe  -   The certificate contains begin certificate and end...
I'm not sure why the Synology Diskstation does not accept the certificate if it is in the correct format.
So it is already in PEM format, try to strip all the text before "-----BEGIN CERTIFICATE-----" in the pem/crt file before importing it.

Regardless, also need to ensure the .key and the PEM crt are referred correctly as they are a pair of private and public keys e.g.  ssl.crt (containing the public certificate for your host and of GoDaddy CA) and the private key of your host (inside the ssl.key)
---
About importing certificate:
If you have a certificate issued by the trusted Certificate Authority (CA), please click Import Certificate to upload your own certificate and private key in order to host a valid SSL server. The certificate should match the private key. Please keep your private key safely.
---
Where was the CSR created? if it wasn't on the final destination, then presumably you also need to obtain the private key (from wherever you generated the CSR) and convert that to PEM too...
Sorry, I've been unable to get access to the computer with the  certificate.  I will try again this week.
CSR was generated by the Synology box.  No text before  "Begin certificate"
GoDaddy1.JPG
Synology1.JPG
Attached is the synology interface...
synology2.JPG
you also need the godaddy root and intermediate certificates to be installed.
That does not look like it was included in the godaddy1.jpg that I downloaded from Godaddy.   Nor will the current one showing in that same attachment, process correctly when I upload.
ASKER CERTIFIED SOLUTION
Avatar of btan
btan

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Awesome!  THat worked!!!
GoDaddy4.JPG
Very complete answer.  Thank you!!
Hey, why do I still get a prompt from chrome saying this is not a secure site even with the certificate?
there is recent chrome update on SSL cert support SHA will have warning
http://googleonlinesecurity.blogspot.sg/2014/09/gradually-sunsetting-sha-1.html