How to Create a .crt File in Linux?

The “.crt” (certificate) file is a digital file that comprises the information regarding the identity of an organization or website. The “.crt” file is important for building a secure link between a web browser and a server.

The OpenSSL command-line tool allows users to create a .crt file in Linux. This guide will illustrate a step-by-step procedure to create the .crt file in Linux.

How to Create a .crt File in Linux?

The “.crt” file encrypts the communication between websites or organizations that protect the sensitive information exchanged between them. The steps to create a self-signed .crt file using OpenSSL are mentioned below:

Prerequisite: Check the OpenSSL Version

The OpenSSL library is preinstalled in the system; you can check the version of OpenSSL through the “version” utility as below:

$ openssl version

The output shows that “OpenSSL 3.0.2” is already installed in the system.

Step 1: Generate Private Key File

First, generate the private key file, which is necessary to create the “.crt” file in Linux. For this, the “openssl genpkey” command is utilized by specifying the encryption algorithms as “RSA” and “AES256” and the file name “private.pem” as below:

$ openssl genpkey -algorithm RSA -out private.pem -aes256

This command generates a private key file named “private.pem” using RSA and AES256 encryption. It requires a new password to access the private key file in the future.

Step 2: Create a .CRT (certificate) File

In this step, the “.crt” file is created by utilizing the above private key file “private.pem”. For instance, specify the file’s name as “certificate.crt” and utilize the private key file “private.pem” to create the new .crt file as below:

$ openssl req -new -x509 -key private.pem -out certificate.crt

The output shows that the self-signed certificate file “certificate.crt” has been created using the private key file.

Step 3: Verify the .CRT File

The .crt file can be verified by displaying its content. For this, the “cat” command is utilized by specifying the “certificate.crt” file in the terminal:

The output displays the encrypted content present in the “.crt” file.


Linux offers the built-in “OpenSSL” library to create the “.crt” file that establishes a secure connection between a server and a web browser. Before creating the “.crt” file, the private key file is required that can be generated via an encryption scheme such as “RSA”, “AES256”, or both. This article has briefly explained the step-by-step procedure to create the “.crt” file in Linux.