1
votes

I've gotten from GoDaddy one .crt wildcard certificate and private key. I need to provide the bank with three .pem files: Encryption Public Certificate, Signature Public Certificate, SSL Public Certificate. How can I generate them from the .crt file? I've already tried this command:

openssl x509 -in mycert.crt -out mycert.pem -outform PEM

But the file which I get as a result of the command is constantly the same, but I need three different files. Is the bank asking me to do impossible things? :)

1
You should have TLS Web Server Authentication (1.3.6.1.5.5.7.3.1) extended key usage extension in the certificate. Also you most likely have DigitalSignature and KeyEncipherment key usage extensions. If so then you have all 3 certificates in one. This is the usual format of an SSL certificate. - pepo
@pepo thx for the answer! I sent the .crt certificate to the bank backend team, and got the answer: "We will need 3 more (1 more to proceed with UAT, 2 others are to be prepared for Production) certificate in total. One would be used for SSL and the other for Signing and Encryption, and we will replicate the UAT into PRD once the testing is successful.". But GoDaddy provided me only one certificate. Maybe you can help me understand what they want from me :) And how can I provide for their needs with only one wildcard .crt certificate and private key. They need 2 certs for each domain. (PROD, UAT) - Tipok
If the address of UAT can not be included in the wildcard you have (i.e. uat.yourdomain.com matches because you have *.yourdomain.com in the certificate) then you need to buy another certificate for UAT. Or make one yourself and make it trusted in UAT. - pepo
The certificate should be usable on both PROD and UAT. There are of course security considerations how to protect the private key because it will be on 2 environments. Make sure it does not get stolen from UAT :) - pepo
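
The key usage check described in the comments above, as an added example that is not part of the original thread: it reads a certificate's keyUsage and extendedKeyUsage extensions and reports which of the three roles they assert. The certificates are constructed self-signed samples, `make_sample_cert` and `cert_roles` are hypothetical helper names, and the `openssl` CLI is assumed to be installed.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): report which of the three roles named by
# the bank a certificate's keyUsage / extendedKeyUsage extensions assert.
set -eu

# make_sample_cert DIR NAME KEYUSAGE EKU: constructed self-signed test certificate.
make_sample_cert() {
    cat > "$1/$2.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = *.example.test
[ext]
keyUsage = critical, $3
extendedKeyUsage = $4
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/$2.cnf" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# cert_roles FILE: prints "ssl=<yes|no> signature=<yes|no> encryption=<yes|no>".
# Mapping follows the comment above: serverAuth, digitalSignature, keyEncipherment.
cert_roles() (
    text=$(openssl x509 -in "$1" -noout -text)
    # In -text output the values sit on the line after each extension header.
    ku=$(printf '%s\n' "$text" | grep -A1 'X509v3 Key Usage' | tail -n 1)
    eku=$(printf '%s\n' "$text" | grep -A1 'X509v3 Extended Key Usage' | tail -n 1)
    ssl=no; sig=no; enc=no
    case "$eku" in *"TLS Web Server Authentication"*) ssl=yes ;; esac
    case "$ku" in *"Digital Signature"*) sig=yes ;; esac
    case "$ku" in *"Key Encipherment"*) enc=yes ;; esac
    echo "ssl=$ssl signature=$sig encryption=$enc"
)

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT
make_sample_cert "$workdir" tls "digitalSignature, keyEncipherment" serverAuth
make_sample_cert "$workdir" signonly digitalSignature emailProtection
# The conversion from the question only re-encodes: same certificate, same roles.
openssl x509 -in "$workdir/tls.crt" -out "$workdir/tls.pem" -outform PEM
for c in tls.crt tls.pem signonly.crt; do
    echo "$c: $(cert_roles "$workdir/$c")"
done
```

To inspect a real certificate, call `cert_roles mycert.crt`; a certificate that carries no keyUsage extension at all is unrestricted, and this check reports only what is explicitly asserted.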

1 Answer

0
votes

The answer is that you can't generate a new cert based on the current cert. This is the full answer: https://serverfault.com/a/749745