Re: Howto transfer certificate from IIS to apache

Thu, 26 Nov 1998 12:12:26 -0500 

On Thu, Nov 26, 1998 at 03:39:28PM +0100, Ralf S. Engelschall wrote:
> On Thu, Nov 26, 1998, Michael Hallgren wrote:
> 
> > On Thu, Nov 26, 1998 at 08:16:14AM +0100, Ralf S. Engelschall wrote:
> > > On Thu, Nov 26, 1998, Nuno Grilo wrote:
> > > 
> > > > I have a machine running WindowsNT+IIS with a certificate issued by 
> > > > verisign and which I will soon change to Unix+apache+mod_ssl.
> > > > I would like to know if it is possible to transfer the private 
> > > > key/certificate from IIS to apache or will I have to ask verisign to 
> > > > issue a new certificate?
> > > 
> > > The certificate is a X.509 certificate, so you can use it with Apache, too.
> > > But it can be encoded in a different envelop format. I guess IIS uses plain
> > > DER while for Apache+mod_ssl+SSLeay you need it in PEM format. What you
> > > usually need is to convert it. 
> > > 
> > > For instance you can use the following SSLeay commands to convert your
> > > iis-server.crt/iis-server.key files (assuming they are named this way and are
> > > in DER format) to the server.crt/server.key files for mod_ssl:
> > > 
> > > $ ssleay x509 -inform DER -in iis-server.crt -outform PEM -out server.crt
> > > $ ssleay rsa  -inform DER -in iis-server.key -outform PEM -out server.key
> > 
> > Hmm,... I tried to go the other way around. Built a pair on a BSD box, sent
> > a request to Thawte, then tried to use the pair on a Windows box. It did not
> > work. So I called Thawte, learning that BSD -> Win export of priv key doesn't
> > work ???
> 
> Really?


Honestly, I don't know... but it seems like. (I'm more Un*x than NT.)


> That's interesting. The format of the cert/key data is actually coded
> in ASN.1,


Yep. That was my argument as well...


> so should be totally portable between BSD and Windows. Hmmmm...


...

> never tried this way myself.


Michael

>                                        Ralf S. Engelschall
>                                        [EMAIL PROTECTED]
>                                        www.engelschall.com
> ______________________________________________________________________
> Apache Interface to SSLeay (mod_ssl)   www.engelschall.com/sw/mod_ssl/
> Official Support Mailing List               [EMAIL PROTECTED]
> Automated List Manager                       [EMAIL PROTECTED]

-- 
Michael Hallgren, Graphnet Systems, http://mh.graphnet.fr
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl)   www.engelschall.com/sw/mod_ssl/
Official Support Mailing List               [EMAIL PROTECTED]
Automated List Manager                       [EMAIL PROTECTED]

Reply via email to