Hello John,
thanks for your advice regarding not posting a .csr file. I know that
I mustn't do this in a production environment.
But I am still trying to get my test environment ready, and so I thought
this would help you give me the right advice, and I could change these
keys at a later date when I was able to change those keys; at any rate
it fits my purpose.
(Actually that's why I want to sign my OWN certificates!)
Could you see any reason why my certificate didn't work?
I have read a lot about having to install a special DER-format copy of the CA
key into the MS IIS 4.0 Server.
Have you done this with any key sent to you by Thawte?
Best regards
Jürgen
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On behalf of Airey, John
> Sent: Monday, 17 July 2000 14:46
> To: '[EMAIL PROTECTED]'
> Subject: RE: Can I create a Server Certificate for MS IIS4.0 with
> mod_ssl
>
> I hate to spoil your day but you should not have posted your .csr file, as
> that contains your SSL private key. You should not post either .csr or .key
> files. I personally wouldn't even post a .crt file. Keep them secret, owned
> by root with 400 permissions!
>
> I suggest for your own security that you recreate your key. Unless of course
> you are using this for a test certificate then it doesn't really matter.
>
> -
> John Airey
> Internet Systems Support Officer, ITCSD, Royal National Institute for the
> Blind,
> Bakewell Road, Peterborough PE2 6XU,
> Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED]
>
>
>
> -----Original Message-----
> From: Juergen Schreier [mailto:[EMAIL PROTECTED]]
> Sent: 14 July 2000 17:33
> To: [EMAIL PROTECTED]
> Subject: AW: Can I create a Server Certificate for MS IIS4.0 with
> mod_ssl
>
>
> Hello John,
>
> thanks a lot for that fast help!
> I tried following your advice - but I was curious and built my own
> CA cert using openssl - and tried to sign my own certificate.
>
> Which of course didn't quite work out. Has this something to do with
> the 512-bit key length in the German IIS 4.0 version?
> I am getting error messages regarding the cert, not the key I'm trying to
> install.
>
> to sum up what I did:
>
> 1. I created an RSA Key for my Server using openssl like this:
> openssl genrsa -des3 -out server.key 512
>
> 2. I created a Certificate Signing Request using MS IIS Key Manager
> and cut out the relevant data into file iis.csr:
> <SNIP CSR>
>
> 3. created an RSA private Key for my own CA
> openssl genrsa -des3 -out ca.key 1024
>
> 4. Then I created a self-signed CA Certificate (X509 structure) with the RSA
> key of the CA above
> openssl req -new -x509 -days 365 -key ca.key -out ca.crt
>
> 5. signed iis.csr with the sign.sh shell script coming with mod_ssl
> sign.sh iis.csr
>
> and ended up having a (errorsome?) iis.crt which the Key Manager of IIS 4.0
> is not able to import
>
> What went wrong?
> I will try using a test cert from Thawte now but am still too curious if I
> can't do this all by myself in this case.
>
> Thanks a bunch for any advice/hints
>
> Greetings from Munich, Germany
>
> Jürgen Schreier
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
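
The signing procedure from the quoted message, followed by checks on the result, as an added example that is not part of the original thread. Assumptions: `openssl x509 -req` stands in for mod_ssl's sign.sh, OpenSSL creates the CSR in place of IIS Key Manager, the keys are 2048-bit and unencrypted so the script runs non-interactively, and the subject names are constructed.

```shell
#!/bin/sh
# Added example; "Demo Test CA" and "iis-test.example" are constructed names.

# Print the SHA-256 of the public key carried by a private key, CSR or certificate.
pubkey_fp() {   # usage: pubkey_fp key|csr|crt FILE
    case "$1" in
        key) openssl pkey -in "$2" -pubout ;;
        csr) openssl req  -in "$2" -noout -pubkey ;;
        crt) openssl x509 -in "$2" -noout -pubkey ;;
    esac | openssl pkey -pubin -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Build a throwaway CA, a server key and CSR, sign the CSR,
# and export the CA certificate in DER format.
build_demo() {  # usage: build_demo DIR
    d=$1
    openssl genrsa -out "$d/ca.key" 2048 2>/dev/null
    openssl req -new -x509 -days 365 -key "$d/ca.key" \
        -subj "/CN=Demo Test CA" -out "$d/ca.crt"
    openssl genrsa -out "$d/server.key" 2048 2>/dev/null
    openssl req -new -key "$d/server.key" \
        -subj "/CN=iis-test.example" -out "$d/iis.csr"
    openssl x509 -req -in "$d/iis.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 365 -out "$d/iis.crt" 2>/dev/null
    openssl x509 -in "$d/ca.crt" -outform DER -out "$d/ca.der"
}

# Succeeds only if the certificate verifies against the CA
# and carries the same public key as the CSR it was issued for.
check_issued() {  # usage: check_issued DIR
    d=$1
    openssl verify -CAfile "$d/ca.crt" "$d/iis.crt" >/dev/null || return 1
    [ "$(pubkey_fp csr "$d/iis.csr")" = "$(pubkey_fp crt "$d/iis.crt")" ]
}
```

Running `pubkey_fp key` on a private key and `pubkey_fp crt` on the issued certificate shows whether that key is the one the certificate was issued for.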