On Thu, Nov 26, 1998, Nuno Grilo wrote:
>[..]
> > > > For instance you can use the following SSLeay commands to convert your
> > > > iis-server.crt/iis-server.key files (assuming they are named this way and are
> > > > in DER format) to the server.crt/server.key files for mod_ssl:
> > > >
> > > > $ ssleay x509 -inform DER -in iis-server.crt -outform PEM -out server.crt
> > > > $ ssleay rsa -inform DER -in iis-server.key -outform PEM -out server.key
> > >
> > > Hmm,... I tried to go the other way around. Built a pair on a BSD box, sent
> > > a request to Thawte, then tried to use the pair on a Windows box. It did not
> > > work. So I called Thawte, learning that BSD -> Win export of priv key doesn't
> > > work ???
> >
> > Really? That's interesting. The format of the cert/key data is actually coded
> > in ASN.1, so should be totally portable between BSD and Windows. Hmmmm...
> > never tried this way myself.
>
> After some hacking with dd, asn1parse and other SSLeay utils I think I
> made it (I still have to recompile apache with mod_ssl).
> My problem was getting the private key in a usable state.
> IIS has an option to export the key and certificate but the key is
> encrypted with a passphrase and I didn't know the format of the export file.
> Using asn1parse I discovered that the algorithm is rc4 and using the rc4
> utility from SSLeay I decrypted the key. Next I had to remove the
> envelope and convert it to PEM.
Oh hell, what a situation. Please remember the steps and finally post a
step-by-step list on how to convert such a IIS cert/key for Apache+mod_ssl.
Because I think it would be useful to share this experience with the others
upgraders...
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
