Marek Marcola wrote: Okay, I did everything you told me to do. First of all, the crt is a test crt and has been all along. That's how Verisign works these days. They give you a test cert until you pay them money.
When I displayed the key, then converted it to pem format and displayed the converted key, they looked pretty much the same to me. I've included them below. The instructions that I'm following < http://trac.lighttpd.net/trac/wiki/Docs%3ASSL > state I should cat the crt and the key into a pem file: $ cat host.key host.crt > host.pem I tried that with the old key (since they looked identical and since the new one was a pem file already) and got this error from the server: server167# /usr/local/sbin/lighttpd -f /usr/ports/www/lighttpd/doc/lighttpd.conf Duplicate config variable in conditional 2 global/SERVERsocket==202.71.106.119:443: ssl.pemfile 2006-11-14 11:50:52: (configfile.c.827) source: /usr/ports/www/lighttpd/doc/lighttpd.conf line: 228 pos: 13 parser failed somehow near here: (EOL) The line it chokes on is the server.name: #### SSL engine $SERVER["socket"] == "202.71.106.119:443" { ssl.engine = "enable" ssl.pemfile = "/etc/ssl/certs/2012.vi.pem" ssl.pemfile = "/etc/ssl/certs/mrtablecloth-vi.com.pem" ssl.ca-file = "/etc/ssl/certs/mrtablecloth-vi.com.crt" server.name = "www.2012.vi" server.document-root = "/usr/htdocs/" } I tried it with the new key/pem file with the same result. What doesn't it like about the server name? Why is it getting a duplicate configuration? Because of the cat? TIA, beno server167# openssl base64 -d -in private.key | openssl rsa -inform der -text -noout Private-Key: (1024 bit) modulus: 00:e1:86:57:8c:9d:c0:70:36:4b:cf:ab:af:83:4d: 4f:f8:53:85:e0:f0:3b:13:98:13:63:61:70:4e:43: 59:e5:ab:c9:7a:2c:8a:b0:05:80:e9:e2:e6:ea:8e: f8:82:80:09:f4:6e:5f:d1:33:1b:90:f8:82:83:73: b3:ac:77:b4:7f:a4:aa:ea:a5:0b:f5:6a:e7:21:a9: 2e:d3:a6:2e:51:f3:ab:b5:93:09:9f:a0:77:84:5d: 38:dd:f1:fb:4f:a5:2a:da:06:61:8c:dd:8a:f7:f7: 39:ae:e3:31:35:22:b6:51:ac:ad:3f:75:e1:2a:cd: 43:92:50:8f:ec:21:05:f1:93 publicExponent: 65537 (0x10001) privateExponent: 00:d2:13:ca:49:fa:48:e0:3e:33:b0:67:45:3f:12: 2d:84:2c:89:71:57:56:30:92:60:bd:1a:6e:fa:f8: 52:2d:57:30:7e:d6:2e:fa:78:a5:f5:38:9f:d1:af: 0c:5e:c3:d6:82:12:ae:be:b8:d4:dc:de:20:f5:42: 3a:04:56:1d:93:69:96:95:d1:d6:34:6e:d9:6a:4d: 56:fa:30:4c:0b:fb:4b:aa:cc:ee:04:b3:11:5e:e8: 14:b8:dd:76:5b:c0:06:4a:1f:1c:94:49:c2:0c:75: 98:17:8d:66:b5:00:8a:bd:83:58:b7:8c:0b:d4:de: 81:4a:b1:b9:c1:33:03:4f:41 prime1: 00:f5:9e:91:0a:54:86:93:48:41:ba:10:6f:89:f1: 52:ae:02:17:6f:4b:e0:f6:f4:ec:b1:a5:b0:be:5b: b3:69:67:c4:4e:36:b2:e6:7d:00:a2:28:08:0e:57: e7:e7:be:c8:de:37:29:5f:fa:f8:8d:97:89:11:16: af:21:16:7a:17 prime2: 00:eb:0e:5d:87:13:0e:e0:26:91:ac:5a:a4:e4:b0: f3:d5:d1:2d:95:ee:d9:ee:7d:da:9f:eb:33:6e:ab: 8c:4e:23:30:66:84:be:7f:29:c8:cd:b8:42:89:0a: 00:9c:7d:7f:49:7c:a6:40:8e:aa:d7:7b:49:69:52: 71:fc:0e:fd:e5 exponent1: 54:8d:d6:be:68:a4:bf:55:13:93:5b:0f:1a:bc:a1: ca:d7:5b:7b:eb:f2:30:f1:d5:fd:bd:dd:5f:5a:b0: 23:ac:1e:2f:12:b3:79:97:34:bd:9d:ec:50:0b:c1: 00:cd:73:d6:d3:c4:81:8f:23:3b:93:1c:13:6e:ec: b1:06:4c:d7 exponent2: 68:30:08:e2:cb:5e:c7:9a:30:ed:bd:8b:e3:56:4f: ee:51:76:ac:43:9f:d3:a7:73:55:79:12:66:16:a1: ed:2c:89:d2:97:3a:3c:f1:4f:71:68:20:0d:d0:22: 2f:3b:2d:45:6c:7b:e0:97:9c:40:41:04:6c:2b:c0: 1c:62:a4:c5 coefficient: 00:c7:a8:af:b2:90:71:6e:e8:1f:eb:f7:78:d6:76: 0a:27:fa:a3:41:fc:32:7b:64:e1:dd:35:ad:26:67: 73:ff:ee:50:22:c7:c5:25:2f:58:d4:96:db:cc:50: 62:45:d0:5e:ba:fa:66:87:48:94:ca:3b:6a:46:1d: 49:df:34:fb:b3 server167# openssl base64 -d -in private.key | openssl rsa -inform der > private.key.pem writing RSA key server167# openssl rsa -in private.key.pem -text -noout Private-Key: (1024 bit) modulus: 00:e1:86:57:8c:9d:c0:70:36:4b:cf:ab:af:83:4d: 4f:f8:53:85:e0:f0:3b:13:98:13:63:61:70:4e:43: 59:e5:ab:c9:7a:2c:8a:b0:05:80:e9:e2:e6:ea:8e: f8:82:80:09:f4:6e:5f:d1:33:1b:90:f8:82:83:73: b3:ac:77:b4:7f:a4:aa:ea:a5:0b:f5:6a:e7:21:a9: 2e:d3:a6:2e:51:f3:ab:b5:93:09:9f:a0:77:84:5d: 38:dd:f1:fb:4f:a5:2a:da:06:61:8c:dd:8a:f7:f7: 39:ae:e3:31:35:22:b6:51:ac:ad:3f:75:e1:2a:cd: 43:92:50:8f:ec:21:05:f1:93 publicExponent: 65537 (0x10001) privateExponent: 00:d2:13:ca:49:fa:48:e0:3e:33:b0:67:45:3f:12: 2d:84:2c:89:71:57:56:30:92:60:bd:1a:6e:fa:f8: 52:2d:57:30:7e:d6:2e:fa:78:a5:f5:38:9f:d1:af: 0c:5e:c3:d6:82:12:ae:be:b8:d4:dc:de:20:f5:42: 3a:04:56:1d:93:69:96:95:d1:d6:34:6e:d9:6a:4d: 56:fa:30:4c:0b:fb:4b:aa:cc:ee:04:b3:11:5e:e8: 14:b8:dd:76:5b:c0:06:4a:1f:1c:94:49:c2:0c:75: 98:17:8d:66:b5:00:8a:bd:83:58:b7:8c:0b:d4:de: 81:4a:b1:b9:c1:33:03:4f:41 prime1: 00:f5:9e:91:0a:54:86:93:48:41:ba:10:6f:89:f1: 52:ae:02:17:6f:4b:e0:f6:f4:ec:b1:a5:b0:be:5b: b3:69:67:c4:4e:36:b2:e6:7d:00:a2:28:08:0e:57: e7:e7:be:c8:de:37:29:5f:fa:f8:8d:97:89:11:16: af:21:16:7a:17 prime2: 00:eb:0e:5d:87:13:0e:e0:26:91:ac:5a:a4:e4:b0: f3:d5:d1:2d:95:ee:d9:ee:7d:da:9f:eb:33:6e:ab: 8c:4e:23:30:66:84:be:7f:29:c8:cd:b8:42:89:0a: 00:9c:7d:7f:49:7c:a6:40:8e:aa:d7:7b:49:69:52: 71:fc:0e:fd:e5 exponent1: 54:8d:d6:be:68:a4:bf:55:13:93:5b:0f:1a:bc:a1: ca:d7:5b:7b:eb:f2:30:f1:d5:fd:bd:dd:5f:5a:b0: 23:ac:1e:2f:12:b3:79:97:34:bd:9d:ec:50:0b:c1: 00:cd:73:d6:d3:c4:81:8f:23:3b:93:1c:13:6e:ec: b1:06:4c:d7 exponent2: 68:30:08:e2:cb:5e:c7:9a:30:ed:bd:8b:e3:56:4f: ee:51:76:ac:43:9f:d3:a7:73:55:79:12:66:16:a1: ed:2c:89:d2:97:3a:3c:f1:4f:71:68:20:0d:d0:22: 2f:3b:2d:45:6c:7b:e0:97:9c:40:41:04:6c:2b:c0: 1c:62:a4:c5 coefficient: 00:c7:a8:af:b2:90:71:6e:e8:1f:eb:f7:78:d6:76: 0a:27:fa:a3:41:fc:32:7b:64:e1:dd:35:ad:26:67: 73:ff:ee:50:22:c7:c5:25:2f:58:d4:96:db:cc:50: 62:45:d0:5e:ba:fa:66:87:48:94:ca:3b:6a:46:1d: 49:df:34:fb:b3 ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
