I hate to spoil your day but you should not have posted your .csr file, as
that contains your SSL private key. You should not post either .csr or .key
files. I personally wouldn't even post a .crt file. Keep them secret, owned
by root with 400 permissions!
I suggest for your own security that you recreate your key. Unless of course
you are using this for a test certificate then it doesn't really matter.
-
John Airey
Internet Systems Support Officer, ITCSD, Royal National Institute for the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED]
-----Original Message-----
From: Juergen Schreier [mailto:[EMAIL PROTECTED]]
Sent: 14 July 2000 17:33
To: [EMAIL PROTECTED]
Subject: AW: Can I create a Server Certificate for MS IIS4.0 with
mod_ssl
Hello John,
thanx alot for that fast help !
I tried following your advise - but I was curiuos and built my own
CA cert using openssl - and tried to sign my own certificate.
Which of course didn't quit work out. Has this something to do with
the 512-bit Keylengt in the German IIS 4.0 Version ?
I am getting error messages regarding the cert not the key im trying to
install.
to sum up what I did:
1. I created an RSA Key for my Server using openssl like this:
openssl genrsa -des3 -out server.key 512
2. I created a Certificate Signing Request using MS IIS Key Manager
and cut out the relevant data into file iis.csr:
<SNIP CSR>
3. created an RSA private Key for my own CA
openssl genrsa -des3 -out ca.key 1024
4. Then I created a self-signed CA Certificate (X509 structure) with the RSA
key of the CA above
openssl req -new -x509 -days 365 -key ca.key -out ca.crt
5. singed iis.csr with the sign.sh shellscript coming with mod_ssl
sign.sh iis.csr
and ended up having a (errorsome?) iis.crt which the Keymanager of IIS 4.0
is not able to import
What went wrong ?
I will try using a test cert from thawte now but am still too curious if I
can't do this all by
myself in this case.
Thanx a bunch for any advise/hints
Greetings from Munich, Germany
J�rgen Schreier
> -----Urspr�ngliche Nachricht-----
> Von: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]Im Auftrag von Airey, John
> Gesendet am: Freitag, 14. Juli 2000 15:16
> An: '[EMAIL PROTECTED]'
> Betreff: RE: Can I create a Server Certificate for MS IIS4.0 with
> mod_ssl
>
> I would recommend that you try a test starred certificate from Thawte
> (www.thawte.com) but create your key with mod_ssl first. The certificate
> from Thawte for mod_ssl is the same that can be used with IIS4.0
> (I know I'm
> right about this because this is how we run it!)
>
> However, the key you create for mod_ssl will not work with IIS. This is
> where openssl helps.
>
> Type the following where you install your private key (I assume you are
> calling it modssl.key)
>
> openssl rsa -in modssl.key -out iis.key -outform NET
>
> This will prompt you for a passphrase. Make sure to put one in!
>
> Next copy the certificate and iis.key to a floppy (with mcopy or
> mount a DOS
> floppy).
>
> Put this floppy in your NT server and run Key Manager. Select Key/Import
> Key/KeySet Files.
>
> Put in the file names for your certificate and private key.
>
> You should now be able to use the same key/cert for IIS4.0 and modssl.
>
> Once finished eat the floppy disk ;-)
>
> -
> John Airey
> Internet Systems Support Officer, ITCSD, Royal National Institute for the
> Blind,
> Bakewell Road, Peterborough PE2 6XU,
> Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED]
>
>
> -----Original Message-----
> From: Juergen Schreier [mailto:[EMAIL PROTECTED]]
> Sent: 14 July 2000 14:04
> To: [EMAIL PROTECTED]
> Subject: Can I create a Server Certificate for MS IIS4.0 with mod_ssl
>
>
> Hi all,
>
> I need to test an application in a heterogenous Environment (i.e.
> Apache AND
> MS IIS 4.0
> Webservers).
> This Application is supposed to support SSL encryption between
> Clients (all
> kinds of browsers)
> and Servers.
> At the moment I don't want to buy an expensive Verisign
> Certificate and want
> to experiment in
> making my own certs for the test and if applicable even in the productive
> enviroment since all
> Users would know the issuer of that cert would be trustworthy.
>
> So my question is:
> Can I create a Server Certificate for MS IIS4.0 with mod_ssl
> and if the answer is yes, how.
>
> Any hints - to a howto Document on making certificates with mod_ssl in
> general - or how
> solve my specific questions are very welcome
>
> thanx in advance
>
> J�rgen Schreier
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
