I have currently nearly the same problem with Key Manageg (IIS4.0) and IMAP.
I have generated a key for IMAP service with Key Manager, I have signed it with OpenSSL and my CA Root Certificate, and I'm trying to import the certificate with <Install Certificate> but it fails. for info: openssl rsa -in ssl.key/IIS.key -outform NET -out ssl.key/IISNET.key Is supposed to remove the passphrase from the privatekey so that you don't need to enter the passphrase eachtime you need to use the certificate. I think it is importnat for Apche only. Franck Martin Network and Database Development Officer SOPAC South Pacific Applied Geoscience Commission Fiji E-mail: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> Web site: http://www.sopac.org/ <http://www.sopac.org/> Support FMaps: http://fmaps.sourceforge.net/ <http://fmaps.sourceforge.net/> This e-mail is intended for its addresses only. Do not forward this e-mail without approval. The views expressed in this e-mail may not be necessarily the views of SOPAC. -----Original Message----- From: Nicolas Ostermann [mailto:[EMAIL PROTECTED]] Sent: Friday, 2 November 2001 11:26 To: [EMAIL PROTECTED] Subject: Failed to export a server certificate in IIS 5.0 Hello all, I am running apache-1.3.19-5 with mod_ssl-2.8.1-5 and openssl-0.9.6-9 on RedHat7.1. Everything is working perfectly within the Linux world except when I try to export key + certificate into IIS 5.0 (not my choice!). I use "import a certificate from a key manager backup file", then I select my IISNET.key file. It does NOT recognize the password I set up earlier to protect the key file. Following is what I did in my Linux server: - For my self signed CA certificate: openssl genrsa -des3 -out ssl.key/CA.key 1024 openssl req -new -x509 -days 365 -key ssl.key/CA.key -out ssl.crt/CA.crt openssl pkcs12 -export -in ssl.crt/CA.crt -inkey ssl.key/CA.key -out pkcs12/CA.p12 (pkcs12 command to have the ca certificate in pkcs12 format and be able to import it into browsers) - For my IIS server certificate: openssl genrsa -des3 -out ssl.key/IIS.key 1024 openssl req -new -key ssl.key/IIS.key -out ssl.csr/IIS.csr openssl ca -config openssl.cnf -cert ssl.crt/CA.crt -in ssl.csr/IIS.csr -keyfile ssl.key/CA.key \ -days 360 -out ssl.crt/IIS.crt openssl rsa -in ssl.key/IIS.key -outform NET -out ssl.key/IISNET.key (rsa is supposed to change the format of the server private key file to be able to import it into IIS) I did a search in the mailling list, without any success. Any idea of what I am doing wrong. I was thinking of using two files (IIS.crt and IISNET.key), putting together in a single certificate? Any help will be rally appreciated. Thanks. Nicolas ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
