Thanks for the help but I'm having some issues. Windows does require the file to be in .pfx format. Here is command that I'm entering to generate the .pfx file. The filenames came from the httpd-ssl.conf file. openssl pkcs12 -in _.ourdomain.com.crt -inkey server.key -name "GoDaddy-signed server certificate" -out godaddyssl.pfx -certfile ca-bundle.crt
I get these errors 14973:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:947: 14973:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:304:Type=PKCS12 What am I doing wrong? Thanks -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kyle Hamilton Sent: Friday, August 29, 2008 4:28 AM To: openssl-users@openssl.org Subject: Re: Exporting private key In your httpd.conf, you have a SSLCertificateKeyFile option set. This refers to your private key file. It's probably in PEM format, and should be able to be imported directly into Windows's certificate store. If it can't be, you need to create a PKCS#12 (aka PFX) file. To do this, you do (the bracketed terms are placeholders for what you need, just type the actual filenames -- they are the options in your httpd.conf with the same name): openssl pkcs12 -in [SSLCertificateFile.pem] -inkey [SSLCertificateKeyFile.pem] -name "GoDaddy-signed server certificate" -out godaddyssl.pfx -certfile [SSLCACertificateFile.pem] Some of the options may not apply to you. For example, your key may already exist in the SSLCertificateFile. If this is the case, you can skip the "-inkey SSLCertificateKeyFile.pem" part. Type 'man pkcs12' on your Linux machine for more information. -Kyle H On Thu, Aug 28, 2008 at 1:23 PM, Bart Wahlgren <[EMAIL PROTECTED]> wrote: > My company currently has a wildcard SSL certificate purchased from Go Daddy. > It's installed on a Linux Apache web server we are going to deploy a Windows > web server to support a different application. Go Daddy has told me that we > can use the certificate on more than one server concurrently. To do this we > need to export the private key from the server that generated the CSR. > > > > Can someone tell me what the commands are for exporting the private key off > of the linux machine? > > > > Thanks > > > > Bart Wahlgren > > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
