I need help getting SSL (https) working for a customer before I lose the will to live..... Sorry for the length of this.
Using GSKKYMAN, and referring to sections 4.2.6.5 and 4.2.6.6 of "HTTP Server Planning, Installing, and Using" I did the following:

- created a CA database, created a CA certificate, made it the default, exported it to a file
- created a server key database, imported the CA certificate, created a server certificate request (certificate with 2048-bit RSA key)
- self-signed the server certificate, imported it to the server key database, made it the default

So far so good. HTTPS requests work ok and the customer and I can see the certificate.

But the customer wants to sign the certificate with their own CA certificate. So I send them the server certificate request, and some time later I get back 2 files, a .P7B file containing 3 certificates, the first 2 I assume are their CA certificate chain, and the 3rd is the signed key. I can import this P7B file and can see the 3 certificates if I use the Manage Certificates option. They also send a .CER file which is binary and unreadable but I can import it. This is presumably the signed certificate in a different format.

But, HTTPS requests still pick up the original default key. If I use the Manage keys option I can only see my original key, so I can't set the newly imported stuff as default.

I've tried deleting the original key, and then get

IMW6802E SSL Handshake failed: return code 12 (GSK_KEYFILE_BAD_LABEL)

or

IMW6802E SSL Handshake failed: return code 6 (Key label is not found.)

I've tried using SSLServerCert in the httpd.conf to point to a particular certificate but that gives

IMW6802E SSL Handshake failed: return code 428 (Key entry does not contain a private key).

In httpd.conf I've tried SSLMODE ON and SSLMODE MIXED.

It doesn't help that I don't quite understand the difference between keys and certificates but what am I missing? How can I pick up the certificate signed by the customer?
Thanks
Paul
