You are forgetting the '-export' commandline parameter. -Kyle H
On Fri, Aug 29, 2008 at 10:48 AM, Bart Wahlgren <[EMAIL PROTECTED]> wrote: > Thanks for the help but I'm having some issues. Windows does require the file > to be in .pfx format. Here is command that I'm entering to generate the .pfx > file. The filenames came from the httpd-ssl.conf file. > > openssl pkcs12 -in _.ourdomain.com.crt -inkey server.key -name > "GoDaddy-signed server certificate" -out godaddyssl.pfx -certfile > ca-bundle.crt > > I get these errors > 14973:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong > tag:tasn_dec.c:947: > 14973:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 > error:tasn_dec.c:304:Type=PKCS12 > > What am I doing wrong? > Thanks > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kyle Hamilton > Sent: Friday, August 29, 2008 4:28 AM > To: openssl-users@openssl.org > Subject: Re: Exporting private key > > In your httpd.conf, you have a SSLCertificateKeyFile option set. This > refers to your private key file. It's probably in PEM format, and > should be able to be imported directly into Windows's certificate > store. > > If it can't be, you need to create a PKCS#12 (aka PFX) file. To do > this, you do (the bracketed terms are placeholders for what you need, > just type the actual filenames -- they are the options in your > httpd.conf with the same name): > > openssl pkcs12 -in [SSLCertificateFile.pem] -inkey > [SSLCertificateKeyFile.pem] -name "GoDaddy-signed server certificate" > -out godaddyssl.pfx -certfile [SSLCACertificateFile.pem] > > Some of the options may not apply to you. For example, your key may > already exist in the SSLCertificateFile. If this is the case, you can > skip the "-inkey SSLCertificateKeyFile.pem" part. > > Type 'man pkcs12' on your Linux machine for more information. > > -Kyle H > > On Thu, Aug 28, 2008 at 1:23 PM, Bart Wahlgren > <[EMAIL PROTECTED]> wrote: >> My company currently has a wildcard SSL certificate purchased from Go Daddy. >> It's installed on a Linux Apache web server we are going to deploy a Windows >> web server to support a different application. Go Daddy has told me that we >> can use the certificate on more than one server concurrently. To do this we >> need to export the private key from the server that generated the CSR. >> >> >> >> Can someone tell me what the commands are for exporting the private key off >> of the linux machine? >> >> >> >> Thanks >> >> >> >> Bart Wahlgren >> >> > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] > > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
