I hope my posting at least served as a warning to anyone on the list who
might consider posting .csr's, .crt's or .key's!
I can't vouch for the German version of IIS, but I actually do all the
certificate creation with openssl, eg the csr and key and then import it
back into IIS. I wouldn't trust IIS to create any key. The format of it's
key is different from the format of the key used by apache-mod_ssl. There is
a way to change a key from IIS format to Apache-mod_ssl format, but it's
tricky and the command
openssl rsa -in www.virtualhost.com.key -out www.virtualhost.com.iiskey
-outform NET
Works the other way around, ie converts a modssl key to an IIS format key.
Just to clarify, the CA sends you a .crt file that is valid for twelve
months. This is their way of saying that you are who you say you are for the
next twelve months. It's like a guarantee that a CD will be circular for the
next 90 days (before anyone writes in, I know that CD's don't have to be
circular!)
Thawte gives details on creating a ssl key for Apache-mod_ssl at
http://www.thawte.com/certs/server/keygen/mod_ssl.html
Mads is right (as if he is ever wrong) about the .csr file containing the
public key. I'm not sure where I read that it contained the private key,
perhaps it was on an old page at the Thawte site.
Obviously, it's best to test all this with the test key first before losing
any money on it.
And no, I do not get commission from Thawte!
-
John Airey
Internet Systems Support Officer, ITCSD, Royal National Institute for the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED]
-----Original Message-----
From: Juergen Schreier [mailto:[EMAIL PROTECTED]]
Sent: 17 July 2000 18:15
To: [EMAIL PROTECTED]
Subject: AW: Can I create a Server Certificate for MS IIS4.0 with
mod_ssl
Hello John,
thanx for your advice regarding not posting a .csr-file. I know that
I mustn' t do this in a productive environment.
But I am still trying getting my test-environment ready and so I thought
this would help you giving me the right advise and I could change these
keys at a later date when I was able to change those keys at any rate
it fits my purpose.
(actually thats why I want to sign my OWN certificates!).
Could you see any reason, as to why my certificate didn't work ?
I have read alot about having to install special a DER-format copy of the CA
key into the MS IIS 4.0 Server.
Have you done this with any key sent to you by Thawte ?
best regards
J�rgen
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
