Ed Yu wrote:
>
> Oops, my mistake of asking something I did not understand.
>
> Basically, the result of the extraction procedure is the cert.p12 (which is
> the dummy certificate containing the original private key).
> And in the final step of using pkcs12 (or using the openssl wrapper -
> openssl pkcs12) to extract the private key from the p12 certificate, it
> actually allows you to specify a password to the private key. This will
> actually require me to put in the password when I issue 'apachectl
> startssl'.
>
> Sorry to bother the group. But then again this proves the procedure actually
> works!
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> Ed Yu, IBM Certified Specialist - AIX System Administrator
> Information Technology Manager,
> University of South Carolina,
> Advanced Solutions Group, Physics Dept.,
> Columbia, SC 29208
> Office (803)777-8831, FAX (803)777-8833, Email [EMAIL PROTECTED]
>
> -----Original Message-----
> From: Remi Cohen-Scali [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, August 23, 2000 1:44 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Re-use a Thawte Certificate (for Netscape Fasttrack) on
> Apache
>
> Ed Yu wrote:
> >
> > Hi all,
> >
> > I was able to follow the procedure outlined in
> > http://www.drh-consultancy.demon.co.uk/nskey.html to extract the private key
> > out from the Netscape Fasttrack Server. Now I need to encrypt this key so
> > that I can start apache with it with the Thawte certificate (requested by
> > that same key). I was wondering if anyone knows how to do this? I know I can
> > start the server simply with this file (without prompting for the pass
> > phrase), but I would like to have the pass phrase for a little more
> > security. Any ideas?
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> > User Support Mailing List [EMAIL PROTECTED]
> > Automated List Manager [EMAIL PROTECTED]
>
> You can use these as a starting point. It differs because you already have
> the key and you don't have a CA but a chained CA cert (I think that is
> what you mean by the Thawte cert). You also need a conf file
> for openssl matching your needs (you can start from openssl.cnf).
> Personally I use these to generate my site certs with a home made CA
> cert.
> --
> \ /
> Remi Cohen-Scali ---\\\\--- [EMAIL PROTECTED]
> WAP / \ [EMAIL PROTECTED]
So you need something like:

    openssl pkcs12 -in <yourfile>.p12 -out <thechain>.pem

You will obtain (after entering the passphrase) a PEM-encoded file which
contains all keys/certs enclosed in the p12 armor.
I use it to extract/transform p12 files exported from the Netscape repository.
--
\ /
Remi Cohen-Scali ---\\\\--- [EMAIL PROTECTED]
WAP / \ [EMAIL PROTECTED]
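
The step discussed in this thread, as an added example that is not part of the original messages: split a PKCS#12 bundle into a passphrase-protected private key and a certificate (the files given to mod_ssl's SSLCertificateKeyFile and SSLCertificateFile), then confirm the key really is encrypted and belongs to the certificate. The function names, file names and passphrases are assumptions, and `make_demo_p12` builds constructed test data so the script runs offline.

```shell
#!/bin/sh
# Added example; function names, file names and passphrases are assumptions.
# "pass:" keeps the demo non-interactive but exposes the secret in the process
# list; on a real host omit -passin/-passout (to be prompted) or use "file:".

# Constructed test data: a throwaway self-signed bundle standing in for the
# cert.p12 produced by the extraction procedure.
make_demo_p12() {  # $1=output.p12  $2=export password
    d=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo.invalid" \
        -keyout "$d/k.pem" -out "$d/c.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$d/k.pem" -in "$d/c.pem" \
        -out "$1" -passout "pass:$2" 2>/dev/null
    rc=$?
    rm -rf "$d"   # the unencrypted temporary key never outlives this function
    return $rc
}

# Write the private key (re-encrypted under its own passphrase) and the
# server certificate to separate files.
split_p12() {  # $1=in.p12 $2=import pw $3=key out $4=key passphrase $5=cert out
    ( umask 077   # key file must not be group/world readable
      openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts \
          -out "$3" -passout "pass:$4" 2>/dev/null ) &&
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts \
        -out "$5" 2>/dev/null
}

# Succeeds only if the PEM key is passphrase protected (PKCS#8 or the
# traditional Proc-Type header written by old OpenSSL releases).
key_is_encrypted() {  # $1=key file
    grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$1"
}

# Succeeds only if the key decrypts with the passphrase and its public half
# is identical to the public key inside the certificate.
key_matches_cert() {  # $1=key file  $2=key passphrase  $3=cert file
    k=$(openssl pkey -in "$1" -passin "pass:$2" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$3" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}
```

If `key_is_encrypted` fails on a key file, the key was written in the clear (for example with `-nodes`) and Apache will start without asking for a pass phrase.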