Oops, my mistake of asking something I did not understand.

Basically, the result of the extraction procedure is the cert.p12 (which is
the dummy certificate containing the original private key).
And in the final step of using pkcs12 (or using the openssl wrapper -
openssl pkcs12) to extract the private key from the p12 certificate, it
actually allows you to specify a password to the private key. This will
actually require me to put in the password when I issue 'apachectl
startssl'.

Sorry to bother the group. But then again this proves the procedure actually
works!

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Ed Yu, IBM Certified Specialist - AIX System Administrator
Information Technology Manager,
University of South Carolina,
Advanced Solutions Group, Physics Dept.,
Columbia, SC 29208
Office (803)777-8831, FAX (803)777-8833, Email [EMAIL PROTECTED]


-----Original Message-----
From: Remi Cohen-Scali [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 23, 2000 1:44 PM
To: [EMAIL PROTECTED]
Subject: Re: Re-use a Thawte Certificate (for Netscape Fasttrack) on
Apache


Ed Yu wrote:
> 
> Hi all,
> 
> I was able to follow the procedure outlined in
> http://www.drh-consultancy.demon.co.uk/nskey.html to extract the private key
> out from the Netscape Fasttrack Server. Now I need to encrypt this key so
> that I can start apache with it with the Thawte certificate (requested by
> that same key). I was wondering if anyone knows how to do this? I know I can
> start the server simply with this file (without prompting for the pass
> phrase), but I would like to have the pass phrase for a little more
> security. Any ideas?
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      [EMAIL PROTECTED]
> Automated List Manager                            [EMAIL PROTECTED]

You can use these as a starting point. It differs because you already have
the key and you don't have a CA but a chained CA cert (I think that is
what you mean by Thawte cert). You also need a conf file
for openssl matching your needs (you can start from openssl.cnf).
Personally I use these to generate my site certs with a home-made CA
cert.
-- 
                      \    /
 Remi Cohen-Scali   ---\\\\---   [EMAIL PROTECTED]
       WAP            /    \     [EMAIL PROTECTED]
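
The final step described at the top of this thread (extracting the key from cert.p12 with `openssl pkcs12` and giving it a pass phrase), as an added example that is not part of the original messages. The throwaway key, certificate, file names and passwords are constructed for the demo; the check at the end confirms the encrypted key still matches the certificate.

```shell
#!/bin/sh
# Added example. File names and passwords are constructed for the demo.
set -eu

# Build a throwaway key, self-signed cert and PKCS#12 bundle (stand-in for cert.p12).
make_demo_p12() {  # dir p12_password
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo.invalid" \
        -keyout "$1/plain.key" -out "$1/cert.pem" 2>/dev/null
    P12_PW=$2 openssl pkcs12 -export -inkey "$1/plain.key" -in "$1/cert.pem" \
        -passout env:P12_PW -out "$1/cert.p12"
}

# Write only the private key (-nocerts) from the bundle, encrypted under a new
# pass phrase. Leaving out -nodes is what keeps the output encrypted.
extract_encrypted_key() {  # p12 p12_password key_out key_passphrase
    ( umask 077
      P12_PW=$2 KEY_PW=$4 openssl pkcs12 -in "$1" -nocerts \
          -passin env:P12_PW -passout env:KEY_PW -out "$3" 2>/dev/null )
}

# True if the PEM header marks the key as encrypted.
key_is_encrypted() { grep -q 'ENCRYPTED' "$1"; }

# True if the key decrypts with the pass phrase and its public half equals the
# certificate's public key (the pair the web server will be given).
key_matches_cert() {  # key key_passphrase cert
    kpub=$(KEY_PW=$2 openssl pkey -in "$1" -passin env:KEY_PW -pubout 2>/dev/null) || return 1
    cpub=$(openssl x509 -in "$3" -noout -pubkey) || return 1
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

demo() {
    d=$(mktemp -d)
    make_demo_p12 "$d" 'p12-demo-pw'
    extract_encrypted_key "$d/cert.p12" 'p12-demo-pw' "$d/server.key" 'key-demo-pass'
    key_is_encrypted "$d/server.key" && echo "key is passphrase-protected"
    key_matches_cert "$d/server.key" 'key-demo-pass' "$d/cert.pem" && echo "key matches cert"
    key_matches_cert "$d/server.key" 'wrong' "$d/cert.pem" || echo "wrong pass phrase rejected"
    rm -rf "$d"
}
demo
```

Passing the passwords through `env:` keeps them out of the process argument list; delete any unencrypted copy of the key once the protected one is in place.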