My client has requested us to provide them with a .crt and .key (private) file from our hosting provider (WPEngine) in order to be able to redirect from their domain to our domain. The .crt file needs to be in the following specs:
.crt file in PEM format for nginx/apache server
SHA 256
2K length
Upon chatting with WPEngine, they can only provide me with a .csr and .key (private key) file as they do not have the tools to convert it to .crt (PEM). Upon googling on how to get this .crt file, I have found out that this .crt file needs to be generated by a valid CA.
Is this something that LetsEncrypt can do? I would appreciate if someone could point me in the right direction (with the steps please) on how I should acquire this .crt file with private key in the above-mentioned specs.
While it’s not hard to generate a certificate, something about your story makes me question whether you are going about this the right way.
The reason is, even if you make a certificate today, it will only be valid for 90 days. What are you going to do 90 days from now - email them again with a new certificate? The process isn’t realistic.
Usually people setup tools to perform automatic SSL and renewal for them via Let’s Encrypt, without messing about with manually acquiring .crt files etc… For example, using https://certbot.eff.org/ will do all the CSR, key and certificate stuff for you.
What is the nature of this redirection? Are you moving a website to WP Engine?
WP Engine offers free automatic SSL once you point your domain to them - it shouldn’t be necessary to send a certificate to them.
Can you explain more on “WP Engine offers free automatic SSL once you point your domain to them - it shouldn’t be necessary to send a certificate to them.”?