Re: Howto transfer certificate from IIS to apache

Michael Hallgren Thu, 26 Nov 1998 13:39:10 -0500
On Thu, Nov 26, 1998 at 06:10:33PM +0100, Ralf S. Engelschall wrote:
> On Thu, Nov 26, 1998, Nuno Grilo wrote:
> 
> >[..]
> > > > > For instance you can use the following SSLeay commands to convert your
> > > > > iis-server.crt/iis-server.key files (assuming they are named this way and are
> > > > > in DER format) to the server.crt/server.key files for mod_ssl:
> > > > > 
> > > > > $ ssleay x509 -inform DER -in iis-server.crt -outform PEM -out server.crt
> > > > > $ ssleay rsa  -inform DER -in iis-server.key -outform PEM -out server.key
> > > > 
> > > > Hmm,... I tried to go the other way around. Built a pair on a BSD box, sent
> > > > a request to Thawte, then tried to use the pair on a Windows box. It did not
> > > > work. So I called Thawte, learning that BSD -> Win export of priv key doesn't
> > > > work ???
> > > 
> > > Really? That's interesting. The format of the cert/key data is actually coded
> > > in ASN.1, so should be totally portable between BSD and Windows. Hmmmm...
> > > never tried this way myself.
> > 
> > After some hacking with dd, asn1parse and other SSLeay utils I think I 
> > made it (I still have to recompile apache with mod_ssl).
> > My problem was getting the private key in a usable state.
> > IIS has an option to export the key and certificate but the key is 
> > encrypted with a passphrase and I didn't know the format of the export file.
> > Using asn1parse I discovered that the algorithm is rc4 and using the rc4 
> > utility from SSLeay I decrypted the key. Next I had to remove the 
> > envelope and convert it to PEM.
> 
> Oh hell, what a situation. Please remember the steps and finally post a
> step-by-step list on how to convert such a IIS cert/key for Apache+mod_ssl.


As said before, I'll investigate the BSD->W$ issue.

mh
> Because I think it would be useful to share this experience with the others
> upgraders...
>                                        Ralf S. Engelschall
>                                        [EMAIL PROTECTED]
>                                        www.engelschall.com
> ______________________________________________________________________
> Apache Interface to SSLeay (mod_ssl)   www.engelschall.com/sw/mod_ssl/
> Official Support Mailing List               [EMAIL PROTECTED]
> Automated List Manager                       [EMAIL PROTECTED]

-- 
Michael Hallgren, Graphnet Systems, http://mh.graphnet.fr
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl)   www.engelschall.com/sw/mod_ssl/
Official Support Mailing List               [EMAIL PROTECTED]
Automated List Manager                       [EMAIL PROTECTED]
Re: Howto transfer certificate from IIS to apache

Reply via email to
