Hi!
I have a problem. I have a valid server certificate and the according private key.
Now I want to take these 2 files an with then install thee SSL-Certificate to my Web
(on IIS 5.0).
But this is not as easy as in IIS 4.0, where you could just start up your
key manager, insert the two files an have a valid certificate, noooo! It looks like I
can only install either certificates that I specifically requested on the same server
or I can install certificates either from a PKCS #12 (.pfx) file or a key manager
backup
file (.key) from IIS 4.0.
Now I thought about just taking the two files and create a .key-File from them, but
therefore
the certificate would already have to be installed on a web in IIS 4.0, which most of
them are
not (and doing so just to be able to export them again is not an option).
So I looked at the .key-file with my Hexeditor, and saw that the .key-File looks
pretty much like
the certificate just being pasted behind the private key - BUT three bytes, one at the
beginning of
the .key file and two in between the private key part and the certificate part.
After trying this with about ten certificate/key set, and trying to find any
similarity between different
.key-files for the three bytes, I gave up finding out about the ominous "three bytes".
So I thought about creating a PKCS #12 file from my certificate/key set, since I can
also import a .pfx
file into IIS 5.0. For doing that, I downloaded and compiled OpenSSL (Aha, we're
getting to the topic :-))
I found, that I have to use openssl.exe with the pkcs12 to create such a file and
issued following text
at the command prompt:
openssl pkcs12 -export -in C:\Work\cert.cer -inkey C:\Work\private.txt -out
C:\Work\Output.pfx
This won't work 'though, presumably because my private key is encoded in a wrong
format (at least that's
what I think...). That's the complete error message:
Error loading private key
1876:error:0906D06C:PEM routines:PEM_read_bio:no start
line:.\crypto\pem\pem_lib.c:662:Expecting: ANY PRIVATE KEY
So, now finally my question: First, what encoding have certificate and private key
have to have for working
with the above command. Second, and that is the main reason for my prolonged mail: Am
I doing something
complete wrong? Did I miss something? I seams very strange, that it is such a hassle
to install a valid
certificate with the valid according private key to IIS 5.0.
So, again sorry for the long mail, and I hope someone out there can help me.
Thanks in advance,
Thomas Christmann
NT-Systemprogrammierer
mailto:[EMAIL PROTECTED]
Schlund + Partner AG
Erbprinzenstrasse 4-12
D-76133 Karlsruhe
http://www.schlund.de
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
