Pocket writes:
On Dec 14, 2023, at 2:23 PM, Linux-Fan <Ma_Sys.ma@web.de> wrote:
> Pocket writes:
[...]
> > Should the suffix of the file be .pem as the certs that are referenced by
> > the conf file seem to be in PEM format?
>
> Stick to what the program expects and use .crt
Ok what format DER, PEM or some form of PKC?
Use PEM-format with file extension .crt.
DER and PEM both use crt.
Yes, although PEM seems to be more common per my anecdotical understanding because for DER format, `.cer` seems to be more prevalent.
One cert for file or multiple? Notice the docs do not specify.
Indeed they don't specify this directly. If you take the examples into consideration, they may shed some light on this, though:

$ xxd < /usr/share/doc/ca-certificates/examples/ca-certificates-local/local/Local_Root_CA.crt
00000000: 2d2d 2d2d 2d42 4547 494e 2043 4552 5449  -----BEGIN CERTI
00000010: 4649 4341 5445 2d2d 2d2d 2d0a 4475 6d6d  FICATE-----.Dumm
00000020: 7920 526f 6f74 2043 4120 6669 6c65 3b20  y Root CA file; 
00000030: 7265 706c 6163 6520 6974 2077 6974 6820  replace it with 
00000040: 7468 6520 5045 4d2d 656e 636f 6465 6420  the PEM-encoded 
00000050: 726f 6f74 2063 6572 7469 6669 6361 7465  root certificate
00000060: 0a2d 2d2d 2d2d 454e 4420 4345 5254 4946  .-----END CERTIF
00000070: 4943 4154 452d 2d2d 2d2d 0a

I used the xxd just because I was unsure of the format and within the first lines one can recognize the familiar --BEGIN CERTIFICATE-- lines that are typical for PEM certificates. Additionally, there is some text that explicitly explains that this should resemble a PEM file (I find this example odd, because it is obviously not a valid PEM since that would be base64 encoded?)

Additional info can be gained from the README.Debian:

~~~
$ head -n 5 /usr/share/doc/ca-certificates/README.Debian
The Debian Package ca-certificates
----------------------------------

This package includes PEM files of CA certificates to allow SSL-based
applications to check for the authenticity of SSL connections.
~~~

Concluding from both of these documentation pieces it looks like the PEM format is indeed hinted at although maybe not as obviously as it could be.
It does not answer the question about multiple certificates in one file, though.
[...]

HTH
Linux-Fan

öö
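
An added example, not part of the original message or of the ca-certificates package: a Python check that reports, for the bytes of a `.crt` file, whether they are PEM or DER and how many certificate blocks they hold. It is a structural check only (base64 plus the outer ASN.1 SEQUENCE header), it does not validate the certificate, and all function names and sample data are made up for illustration.

```python
import base64
import binascii
import re

# One PEM certificate block; the group captures the base64 body.
PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----\r?\n(.*?)-----END CERTIFICATE-----", re.DOTALL)

def looks_like_der(data: bytes) -> bool:
    """Heuristic: DER X.509 starts with an ASN.1 SEQUENCE (tag 0x30) whose
    length field is covered by the bytes that follow."""
    if len(data) < 4 or data[0] != 0x30:
        return False
    first = data[1]
    if first < 0x80:                       # short-form length
        return len(data) >= 2 + first
    n = first & 0x7F                       # long form: n length bytes follow
    if n == 0 or len(data) < 2 + n:
        return False
    return len(data) >= 2 + n + int.from_bytes(data[2:2 + n], "big")

def to_pem(der: bytes) -> bytes:
    """Wrap DER bytes in PEM armor (hypothetical helper for the samples)."""
    return (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der)
            + b"-----END CERTIFICATE-----\n")

def classify(data: bytes):
    """Return (encoding, well_formed_blocks, malformed_blocks)."""
    blocks = PEM_BLOCK.findall(data)
    if not blocks:
        return ("DER", 1, 0) if looks_like_der(data) else ("unknown", 0, 0)
    valid = invalid = 0
    for body in blocks:
        try:
            der = base64.b64decode(b"".join(body.split()), validate=True)
        except binascii.Error:             # body is not base64 at all
            der = b""
        if looks_like_der(der):
            valid += 1
        else:
            invalid += 1
    return ("PEM", valid, invalid)

# Constructed samples. DUMMY repeats the placeholder text seen in the xxd dump.
DUMMY = (b"-----BEGIN CERTIFICATE-----\n"
         b"Dummy Root CA file; replace it with the PEM-encoded root certificate\n"
         b"-----END CERTIFICATE-----\n")
FAKE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x01])  # minimal SEQUENCE, not a real cert

if __name__ == "__main__":
    print(classify(DUMMY), classify(FAKE_DER), classify(to_pem(FAKE_DER) * 2))
```

To check a real file, pass its contents: `classify(open(path, "rb").read())`.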