I am posting an answer to my own question.  All I had to do was extract
both the key and the cert from the combination file.  The only changes to
the instructions at the Thawte site are to search for 'certificate' then
back up to 30 82 and delete everything before that.  Very similar to the
method used for the extraction of the key.

Here are my notes:

The file sent to me is a combination of the private key and the cert (I
think).  There is also an extra header added by IIS.  To remove the header
I opened the file in a Windows hex editor and removed the bytes leading to
the string 30 82 which precedes the text "private-key."  Instructions for
doing this are at:

        http://www.thawte.com/support/server/msiis.html#iistossl .

This gives the RSA key from the file:

        openssl rsa -inform NET -outform PEM -in combofile.key -text


Get lots of information from file:

        openssl asn1parse -inform NET -in combofile.key

To get the cert from the combo file search for 'certificate' then back 
up to the 30 82 and delete everything before that.  Then to convert 
from binary to ascii use:

        openssl x509 -inform NET -outform PEM -in combofile.crt

Now you should have two files, a key and a cert which look similar to:

-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----

-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----



Dan Roscigno   [EMAIL PROTECTED]
(425)456-3540  (425)864-5540(cell)

On Mon, 21 Aug 2000, Dan Roscigno wrote:

> 
> I am trying to get an IIS cert working with Apache.  I believe that the
> file I am working with is a combination key and cert.  I think this is
> the case as when I type:
> 
>       openssl asn1parse -inform NET -in inputfile
> 
> I see:
> 
>     0:d=0  hl=4 l= 664 cons: SEQUENCE          
>     4:d=1  hl=2 l=  11 prim: OCTET STRING      :private-key
>    17:d=1  hl=4 l= 647 cons: SEQUENCE          
>    21:d=2  hl=2 l=  10 cons: SEQUENCE          
>    23:d=3  hl=2 l=   8 prim: OBJECT            :rc4
>    33:d=2  hl=4 l= 631 prim: OCTET STRING      
>   668:d=0  hl=2 l=   2 cons: appl [ 28 ]       
>   670:d=1  hl=2 l=   0 prim: EOC               
>   672:d=0  hl=4 l= 632 cons: SEQUENCE          
>   676:d=1  hl=2 l=  11 prim: OCTET STRING      :certificate
>   .
>   .
>   .
> Lots more information.  My guess is that if the file were only a private
> key there would not be any info in there such as the organization dn
> common name. 
> 
> I got the key out by editing the file in a hex editor and following the
> instructions at the Thawte support site.  The key is now stored in a
> separate file.  Now what do I do to get the cert out and in a useful
> format?  I do not have any files to use other than the one from which I
> grabbed the key (an NT admin in a different time zone should get back to
> me some time and let me know if there is another file which just
> contains the cert).  In the meantime I will try hex editing the file
> again, maybe if I advance to the string that says certificate and trim
> from there rather than earlier in the file at the private-key point?
> 
> Thanks for any help!!!
> Dan
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      [EMAIL PROTECTED]
> Automated List Manager                            [EMAIL PROTECTED]
> 
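
The hex-editor step from the notes above, scripted as an added example that is not part of the original post: it finds each marker string, backs up to the nearest 30 82, and uses the two length bytes that follow to cut exactly that SEQUENCE. Trimming the tail by the declared length goes beyond the notes, which only delete the leading bytes. The function names and the constructed sample blob are assumptions; the layout (a 30 82 SEQUENCE directly wrapping each marker) follows the asn1parse dump quoted above.

```python
"""Carve the 'private-key' and 'certificate' blobs out of an IIS combo file."""
import sys

def carve(blob: bytes, marker: bytes) -> bytes:
    """Return the DER SEQUENCE (30 82 LL LL ...) that wraps `marker`."""
    pos = blob.find(marker)
    if pos < 0:
        raise ValueError(f"marker {marker!r} not found")
    # "Back up to 30 82": nearest SEQUENCE tag with a two-byte length.
    start = blob.rfind(b"\x30\x82", 0, pos)
    if start < 0:
        raise ValueError(f"no 30 82 before {marker!r}")
    end = start + 4 + int.from_bytes(blob[start + 2:start + 4], "big")
    # The declared length must cover the marker and fit inside the file.
    if not (pos + len(marker) <= end <= len(blob)):
        raise ValueError(f"30 82 at offset {start} does not enclose {marker!r}")
    return blob[start:end]

def sample_blob() -> bytes:
    """Constructed input: junk header plus two wrapped blobs (no real key data)."""
    def wrap(name: bytes, fill: int) -> bytes:
        body = bytes([0x04, len(name)]) + name + bytes([fill]) * 300
        return b"\x30\x82" + len(body).to_bytes(2, "big") + body
    return (b"IISHDR\x00\x01" + wrap(b"private-key", 0xAA)
            + b"\x7c\x80\x00\x00" + wrap(b"certificate", 0xBB))

if __name__ == "__main__":
    # With a path argument, carve that file; otherwise run on the sample.
    from_file = len(sys.argv) > 1
    data = open(sys.argv[1], "rb").read() if from_file else sample_blob()
    for marker, out in ((b"private-key", "combofile.key"),
                        (b"certificate", "combofile.crt")):
        piece = carve(data, marker)
        print(f"{out}: {len(piece)} bytes, starts {piece[:4].hex(' ')}")
        if from_file:
            with open(out, "wb") as fh:
                fh.write(piece)
```

The carved files are the inputs to the `openssl rsa -inform NET` and `openssl x509 -inform NET` commands in the notes. The key file holds private key material, so keep it readable only by the account that runs the web server.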
