Expecting: TRUSTED CERTIFICATE while converting pem to crt

You cannot "convert" a public key to a certificate. A certificate includes the public key but it includes also more information like the subject, the issuer, when the certificate is valid etc. And a certificate is signed by the issuer. Thus what you would need instead is to create a certificate signing request (CSR) which includes the public key but also includes all the additional information. This CSR then needs to be signed by a certificate authority (CA) which then results in the certificate.

For creating a simple self-signed certificate which is not trusted by any browser see How to create a self-signed certificate with openssl?.


You cannot convert a public key into a certificate.

The original commands will not work since the PEM encoding / file format is expecting to contain the encrypted certificate text like below:

-----BEGIN CERTIFICATE-----

Certificate data here

-----END CERTIFICATE-----

Therefore if you view the original .PEM file and see something else (like BEGIN RSA ... ) then that is incorrect.

Now according to the thread title you are seeking to convert a PEM into a CRT file format. Note that x509 certificates can be in two encodings - DER and PEM. Also, PEM can be within a .CRT, .CER and also .PEM format.

Therefore if you see that error there is also a chance that you are treating a DER encoded certificate as a PEM encoded certificate. You can try to see if it's actually DER encoded by following the instructions in this page.

Tags:

Openssl