--- Charles Cranston <[EMAIL PROTECTED]> wrote:
> Usually not. Do the two have the same DNS name?
> Can the "new" server correctly decrypt the private
> key (if it is pass-phrase encrypted)?
>
> I guess to go much further we should know what kind
> of server software is in use. If it is apache,
> what does the log file say at at startup?
>
> You can ensure the cert and key match by comparing
> the modulus (and exponent :-) fields from:
>
> openssl x509 -noout -text -in <certificatefile>
> openssl rsa -noout -text -in <privatekeyfile>
>
> If the private key is encrypted with a passphrase,
> you will need to give it for the "openssl rsa" call.
Thank you very much for your reply. This is really
turning out to be stubborn. I ran the commands you
specified, and the short exponent fields match, but it
doesn't look like the long modulus fields match. I
also generated a new private key with exactly the
information specified by the certificate command
above, and have the same results.
The Apache2 error_log says:
[Fri Jul 09 13:11:34 2004] [error] Unable to configure
RSA server private key
[Fri Jul 09 13:11:34 2004] [error] SSL Library Error:
185073780 error:0B080074:x509 certificate
routines:X509_check_private_key:key values mismatch
Also, there is no pass-phrase for the private key.
What can I do next?
- Grant
>
> Grant wrote:
>
> > I generated a CSR and private key on my old
> (current)
> > server, and I'm having trouble getting the
> certificate
> > and key to not error on my new server. Do the CSR
> and
> > private key need to be generated from the server
> they
> > will be installed on?
__________________________________
Do you Yahoo!?
Yahoo! Mail - 50x more storage than other providers!
http://promotions.yahoo.com/new_mail
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
