Certificate Online Tool
If you are applying for the SSL certificate for the first time, if you are unfamiliar with how your server uses SSL certificates, we recommend that you use this set of tools, which support all SSL server certificate formats and various Web servers. Helps you generate CSR files online, crafting PFX, JKS, p7b, KDB, and Pem files online. If you need to check that the certificate is installed properly after you install the certificate, you can use our SSL certificate online checker.
Certificate Request Process
In the above process, you need to complete 2 tasks in addition to the geotrust to certify and issue the certificate part:
Production of CSR
• The digital certificate format that the server can recognize by combining the private key and the digital signature issued by the CA. (Apache can directly use the private key file and the CA-issued digital signature CRT file.) )
For information on how to import Ssl.key and ssl.crt into Apache, see:
Import of Apache server certificates
the generation of CSR
In the past, the generation of CSR mainly depended on the use of the Web server, various Web servers have their own generated CSR generation tools, to master the different server's CSR generation method, become quite cumbersome.
Now you can request the CSR file and the private key file (text format) by using the online CSR generator to generate a certificate that is based on the size of the standard, please be sure to save the Ssl.key file and the SSL.CSR file generated by the online tool. If you lose the Ssl.key file, the certificate will not work.
Please prepare the information when using the CSR online tool:
- Domain Name: For example, you want to www.myssl.com.cn this site to apply for a server certificate, you need to use www.myssl.com.cn as a domain name to apply, the certificate is issued to a host, not a domain, so www.myssl.com.cn and myssl.com.cn is two different domain names.
- Organization Name: Please enter the name of your applicant/company, please use English or pinyin.
- Department: Please enter the name of your department, please use English, for example: IT Department.
- City: Please enter your city, please use English, for example: Shanghai
- Provinces/municipalities: Please enter your province or municipality, please use English, for example: Shanghai
- Country: Country Code, if you are a Chinese company, please keep CN.
GeoTrust the digital signature sent to you by mail is also based on the text format of the standard, the digital signature is saved as SSL.CRT, plus the Ssl.key file, which is a complete set of SSL certificate files that can be copied directly to Apache for use. If your Web server is not Apache, you will need to ssl.key+ssl through two additional tools. The CRT is converted to the appropriate file format: PFX, JKs, and KDB.
Generate CSR Online Now
PFX conversion Tool
Microsoft IIS uses the PFX certificate file format primarily, and the traditional approach is to generate an SSL certificate request through IIS, then return the CA's digital signature to IIS, and finally get the PFX file from IIS. Now we can easily combine ssl.key and ssl.crt into a PFX file with the PFX online conversion tool.
Use this tool, please first use Notepad to open the Ssl.key and ssl.crt files, copy all, and then paste to the corresponding 2 text boxes, PFX is required to set a protection password, set the protection password, click "Collectively PFX file", you can appear a merged successful page, And you can download the PFX file from this page.
Make sure that Ssl.key and ssl.crt are matched to each other, and that SSL.CRT is digitally signed by GeoTrust or RAPIDSSL, otherwise it will not merge correctly.
For information about how to import PFX to IIS server see: Import of the IIS servers certificate
Craft PFX Online now
JKS Conversion Tool
Web servers using Java, such as Tomcat, JBOSS, WebLogic, and so on, primarily use the JKS (Java Keystore) certificate file format, and the traditional way to make JKs is to create Keytool from the JKs tool and then generate the key pair and the CSR file. Finally, the digital signature of the CA is directed back to JKs. Now we can easily combine ssl.key and ssl.crt into JKS files with the JKS online conversion tool.
Using this tool, please first use Notepad to open the Ssl.key and ssl.crt files, copy all, and then paste to the corresponding 2 text boxes, JKs need to set a password protection, but also need to set an alias, because JKs (Java Keystore) is a key pair database , you can store multiple key pairs, so you need to set an alias within JKS for the imported certificate (key pair) for identification. Click "Composite jks file" To see a successful merge page, and you can download the JKs file from this page.
Make sure that Ssl.key and ssl.crt are matched to each other, and that SSL.CRT is digitally signed by GeoTrust or RAPIDSSL, otherwise it will not merge correctly.
about how to import JKs into Tomcat see: Importing a Tomcat server certificate
Synthesize JKs Online Now
KDB Conversion Tool
IBM HTTP Server uses the KDB file format (CMS key database file) developed by IBM, and the traditional way to make KDB is cumbersome, using IBM's dedicated Ikeyman tools, and in the context of IBM's JRE, You must also be on IBM's computer to install the IBM JRE. Now we can easily combine ssl.key and ssl.crt into KDB files via the KDB Online conversion tool.
Using this tool, Please first use Notepad to open the Ssl.key and ssl.crt files, copy all, and then paste to the corresponding 2 text boxes, KDB need to set a password protection, but also need to set a label, KDB file is very similar to the Java KeyStore file, can also hold multiple key pairs, so the import of this A certificate (key pair) sets a label (similar to an alias in JKs) within KDB for identification. Click "Composite KDB file" To see a successful merged page, and the KDB and STH files can be downloaded from this page. (If you need to use tools such as Ikeyman to view this kdb, please download another 2 CRLs and Rdb files, and in the same directory as the KDB file, if only to configure the server, only the KDB files and sth files, sth files are stored passwords files)
Make sure that Ssl.key and ssl.crt are matched to each other, and that SSL.CRT is digitally signed by GeoTrust or RAPIDSSL, otherwise it will not merge correctly.
For information on how to import KDB to IBM HTTP Server, see:
Import of IBM HTTP server certificate
Synthesize KDB Online Now
p7b Tools
The P7B (PKCS7 file format) format supports carrying all of the signing certificates in a file, and if the CSR file is generated through the IIS Wizard, you need to convert the certificate to a p7b file before continuing with the IIS Wizard, importing the certificate and all the intermediate chain certificates. The P7B online compositing tool SSL.CRT easily merged into P7B files.
Using this tool, first open the Ssl.crt file with Notepad, copy all, or copy the contents of the certificate in the received certificate message (including-----BEGIN CERTIFICATE-----and-----END CERTIFICATE-----). Then paste into the text box. Click "Composite p7b file" To see a successful merge page, and you can download the p7b file from this page.
Synthesize p7b Online Now
PEM Conversion Tool
PEM (Privacy enhanced mail, enhanced private message) format is now used more as a key format and can contain private keys (RSA and DSA), Public keys (RSA and DSA), and X509 certificates. It stores ASCII header-wrapped Base64 encoded DER-formatted data, so it works for text-mode transmission between systems. The private key portion of the PEM, which can be selected for encryption, primarily converts a PEM file that is encrypted to the private key. Easily combine Ssl.key and ssl.crt into PEM files with the PEM Online conversion tool.
Using this tool, first open the Ssl.key and ssl.crt files with Notepad, copy them all, then paste them into the corresponding 2 text boxes, and the PEM needs a password protection. Click "Composite PEM file" To see a successful merge page and download the Pem file from this page.
Make sure that Ssl.key and ssl.crt are matched to each other, and that SSL.CRT is digitally signed by GeoTrust or RAPIDSSL, otherwise it will not merge correctly.
Synthesize PEM Online Now
Http://www.myssl.cn/guide/openssl.asp
https://www.chinassl.net/
https://www.chinassl.net/ssltools/
SSL Certificate Online Tool