3rd party SSL/TLS certs on TurnKey: convert CER/P7B to PEM

Stuart recently asked via support how to use third party .cer or .p7b SSL/TLS certificates with TurnKey v14.x.

As I don't run any permanent websites, I'm not super familiar with different certificate formats. My only experience really has been through my years with TurnKey and I've only ever encountered the text file .pem certs. So I did a quick bit of research to help Stuart out. I figured that seeing as it's been a little while since I wrote a blog post and this info may be useful for others, I wrote it up. :)

Blog Tags: 

Self signed and trusted SSL certificates

Keeping it simple, HTTPS is a combination of the HTTP and SSL/TLS protocols, which provides encryption while authenticating the server. The main idea is to create a secure channel over an insecure network, ensuring "reasonable" protection from eavesdroppers and man-in-the-middle attacks.

HTTPS assumes that special CA (Certificate Authority) certificates are pre-installed in web browsers. If your SSL certificate is not signed by one of these CA's, the browser will display a warning:

We don't need no stinking SSL

Why we disabled SSL and use an SSH tunnel for web site administration

Content managements systems like the one we're using for the web site (Drupal) need to provide a privileged administration interface which you usually want to access securely. Due to the insecure nature of the Internet, it's reasonable to assume your traffic may be intercepted at some point. So how do you prevent that?

Up until recently, we used SSL. You could access the web site from both:

Unfortunately, as the site grew in complexity this created a range of subtle but annoying paper-cut type problems.