pull the drive and pop it into another machine so you can recover what ya
need.

Thanks,

Ron DuFresne

On Sun, 14 Apr 2002, Andrew Lietzow wrote:

> Dear mod_ssl'ers,
> I have in my possession a diskette on which I backed up my Thawte CRT file
> (at least I'm bright enough to have done that...but at the time I didn't
> know that I would need to have backed up TWO files... anyhow...).  It has
> been successfully installed previously on a SuSE Linux 7.1 server.  The box
> crashed hard last weekend (fortunately, it was not quite yet a production
> server).  I could not get that fairly old P-100 system to come back up.
> Everything I tried failed.  Apparently, it took a hit on a memory chip or
> something critical to the system such that it could not be rebooted.  I
> pulled hair for about a day while searching the SuSE site, and the entire
> Inet crash recover routines on a SuSE box.  No magical answer appeared.  I
> made the decision to upgrade.
> 
> Now I have installed SuSE 7.3 on this new server and I need to reinstall my
> CERT.  I have the securedomainname.crt file in my possession on a diskette
> but I do not have the original securedomainname.key file, or the
> securedomainname.csr file (because I trust servers to never crash?).  The
> files are gone now as I have completely reformatted that system during the
> new install.
> 
> I have gone through the steps at
> http://www.thawte.com/ucgi/gothawte.cgi?a=e380614470105000 to generate a new
> server.key and server.csr file.  Since I am running Apache 2.0.35, I
> modified my /usr/local/apache2/conf/ssl.conf file to access the new .key and
> OLD .crt file.  It appears to work through the ssl.conf file just fine
> and then dies with a mismatch error.
> 
> The entries I made look like this:
> SSLCertificateFile /usr/local/apache2/conf/ssl.crt/securedomainname.crt (the
> old file from Thawte, copied over from diskette)
> SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/securedomainname.key
> (a new file).
> 
> Of course, perhaps critical to this routine is whether I answered the
> questions EXACTLY the same during the creation of the NEW
> securedomainname.csr file.  It's possible, but I'm not 100% certain.
> 
> When I attempt to fire up with:
> ./apachectl startssl
> the system prompts me for a passphrase and it accepts it.  I did NOT enter a
> passphrase when I requested my original Thawte CERT.  I don't know if this
> is critical (i.e. is my passphrase encrypted into the CSR file and they use
> this as part of the generation of my private.crt file?).  Anyhow, when I
> ATTEMPT to fire up with
> 
> ./apachectl startssl
> the system prompts with
> 
> <Some of your private key files are encrypted for security reasons.
> In order to read them, you have to provide us with the pass phrases.
> securedomainname.com:443(RSA)>
> 
> I enter the pass phrase, and it returns
> 
> <Ok: Pass Phrase Dialog successful>
> 
> and then I get an "Unable to start httpd" error message.
> 
> I checked the /logs/error_log file where there is a record of a grumble...
> <yadda, yadda, yadda, .... key values mismatch>.
> Rather than spend hours attempting to make new .key and .csr files, and then
> to "trick" the system into accepting my old.crt file, I need to ask the
> question whether this is even feasible.  Was my original KEY file generated
> with a random seed routine that made it so that when I sent my CSR file to
> Thawte, I cannot ever create a KEY file on this server that would match to
> my old CRT?
> 
> NOW that I see their caveat,
> "Now PLEASE backup your www.xxx.com.key and make a note of the passphrase.
> Losing your key will cost you money!" I imagine this is why this can't be
> done, but I have to pose the question, just to be sure.  No use spending
> another 100 bucks if I don't have to.  TIA,
> 
> Baffled and UNCERTIFIED on CRT'S,  I remain...
> 
> Andrew Lietzow
> The ACL Group, Inc.
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      [EMAIL PROTECTED]
> Automated List Manager                            [EMAIL PROTECTED]
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!
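
The "key values mismatch" failure described in the quoted message can be checked before starting httpd by comparing the RSA modulus in the certificate with the one in the key. The script below is an added example, not part of the original thread; the file names and subject are constructed, and a self-signed certificate stands in for the CA-issued one. It also shows that a CSR made from a new key with an identical subject still does not match the old certificate.

```shell
#!/bin/sh
# Added example (not from the thread). File names and subject are constructed.

# Print the RSA modulus of a certificate, private key or CSR.
modulus_of() {   # usage: modulus_of x509|rsa|req FILE
    openssl "$1" -noout -modulus -in "$2" 2>/dev/null
}

# Exit 0 if the key belongs to the certificate, 1 if not, 2 on read error.
cert_matches_key() {
    cert_mod=$(modulus_of x509 "$1") || return 2
    key_mod=$(modulus_of rsa "$2") || return 2
    [ -n "$cert_mod" ] && [ "$cert_mod" = "$key_mod" ]
}

# Same check for a CSR against a certificate.
cert_matches_csr() {
    cert_mod=$(modulus_of x509 "$1") || return 2
    csr_mod=$(modulus_of req "$2") || return 2
    [ -n "$cert_mod" ] && [ "$cert_mod" = "$csr_mod" ]
}

# Build constructed sample files in directory $1: the "lost" key and its
# certificate, plus a freshly generated key and a CSR with the same subject.
make_samples() {
    subj="/C=US/O=Example Org/CN=securedomainname.example"
    openssl genrsa -out "$1/old.key" 2048 2>/dev/null &&
    openssl req -new -x509 -key "$1/old.key" -subj "$subj" -days 1 \
        -out "$1/old.crt" 2>/dev/null &&
    openssl genrsa -out "$1/new.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/new.key" -subj "$subj" \
        -out "$1/new.csr" 2>/dev/null
}

demo() {
    dir=$(mktemp -d) || return 1
    make_samples "$dir" || { rm -rf "$dir"; return 1; }
    for k in old.key new.key; do
        if cert_matches_key "$dir/old.crt" "$dir/$k"; then
            echo "$k: matches old.crt"
        else
            echo "$k: key values mismatch"
        fi
    done
    rm -rf "$dir"
}
demo
```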
