Re: Re-use a Thawte Certificate (for Netscape Fasttrack) on Apache

Wed, 23 Aug 2000 10:36:40 -0700 

Ed Yu a �crit :
> 
> Hi all,
> 
> I was able to follow the procedure outlined in
> http://www.drh-consultancy.demon.co.uk/nskey.html to extract the private key
> out from the Netscape Fasttrack Server. Now I need to encrypt this key so
> that I can start apache with it with the Thawte certificate (requested by
> that same key). I was wonder if anyone knows how to do this? I know I can
> start the server simply with this file (without prompting for the pass
> phrase), but I would like to have the pass phrase for a little more
> security. Any ideas?
> 
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> Ed Yu, IBM Certified Specialist - AIX System Administrator
> Information Technology Manager,
> University of South Carolina,
> Advanced Solutions Group, Physics Dept.,
> Columbia, SC 29208
> Office (803)777-8831, FAX (803)777-8833, Email [EMAIL PROTECTED]
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      [EMAIL PROTECTED]
> Automated List Manager                            [EMAIL PROTECTED]

You can use these as a start point. It differs because you have already
the key and you don't have a CA but a chained CA cert (I think it is
what you speak about by telling thawte cert). You also need a conf file
for openssl with matching your needs (can start from openssk.cnf).
Personaly I use these to generate my site certs with a home made CA
cert.
-- 
                      \    /
 Remi Cohen-Scali   ---\\\\---   [EMAIL PROTECTED]
       WAP            /    \     [EMAIL PROTECTED]
#! /bin/bash

echo -n "Enter site URL : "
read site
openssl req -out ssl.csr/$site.csr -keyout ssl.key/$site.key -newkey rsa:1024 -new 
-config RCSCA/rcsnet.cnf -extensions v3_req
openssl x509 -in ssl.csr/$site.csr -out ssl.crt/$site.crt -days 365 -req -CA 
ssl.crt/CA.rcsnet.net.crt -CAkey ssl.key/CA.rcsnet.net.key -CAserial RCSCA/serial 
-sha1 -extensions svr_cert


Creer une demande et une clef:
[root@xfiles conf]# openssl req -out ssl.csr/www.rcsnet.net.csr -keyout 
ssl.key/www.rcsnet.net.key -newkey rsa:1024 -new

Creer un certificat CA:
[root@xfiles conf]# openssl x509 -in ssl.csr/CA.rcsnet.net.csr -out 
ssl.crt/CA.rcsnet.net.crt -days 365 -signkey ssl.key/CA.rcsnet.net.key -req -sha1

Signe une demande avec un CAcert:
[root@xfiles conf]# openssl x509 -in ssl.csr/www.rcsnet.net.csr -out 
ssl.crt/www.rcsnet.net.crt -days 365 -req -CA ssl.crt/CA.rcsnet.net.crt -CAkey 
ssl.key/CA.rcsnet.net.key -CAserial RCSCA/serial -sha1

Affiche un certificat:
[root@xfiles conf]# openssl x509 -in ssl.crt/www.rcsnet.net.crt -noout -text


Voir gen_site_cert.

Signature cryptographique S/MIME

Reply via email to