That's what I was missing thank you very much! Bart W
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kyle Hamilton Sent: Friday, August 29, 2008 6:04 PM To: openssl-users@openssl.org Subject: Re: Exporting private key ...which I just realized I forgot to include in my original message to you. My apologies. :( -Kyle H On Fri, Aug 29, 2008 at 4:02 PM, Kyle Hamilton <[EMAIL PROTECTED]> wrote: > You are forgetting the '-export' commandline parameter. > > -Kyle H > > On Fri, Aug 29, 2008 at 10:48 AM, Bart Wahlgren > <[EMAIL PROTECTED]> wrote: >> Thanks for the help but I'm having some issues. Windows does require the >> file to be in .pfx format. Here is command that I'm entering to generate the >> .pfx file. The filenames came from the httpd-ssl.conf file. >> >> openssl pkcs12 -in _.ourdomain.com.crt -inkey server.key -name >> "GoDaddy-signed server certificate" -out godaddyssl.pfx -certfile >> ca-bundle.crt >> >> I get these errors >> 14973:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong >> tag:tasn_dec.c:947: >> 14973:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 >> error:tasn_dec.c:304:Type=PKCS12 >> >> What am I doing wrong? >> Thanks >> >> -----Original Message----- >> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kyle Hamilton >> Sent: Friday, August 29, 2008 4:28 AM >> To: openssl-users@openssl.org >> Subject: Re: Exporting private key >> >> In your httpd.conf, you have a SSLCertificateKeyFile option set. This >> refers to your private key file. It's probably in PEM format, and >> should be able to be imported directly into Windows's certificate >> store. >> >> If it can't be, you need to create a PKCS#12 (aka PFX) file. To do >> this, you do (the bracketed terms are placeholders for what you need, >> just type the actual filenames -- they are the options in your >> httpd.conf with the same name): >> >> openssl pkcs12 -in [SSLCertificateFile.pem] -inkey >> [SSLCertificateKeyFile.pem] -name "GoDaddy-signed server certificate" >> -out godaddyssl.pfx -certfile [SSLCACertificateFile.pem] >> >> Some of the options may not apply to you. For example, your key may >> already exist in the SSLCertificateFile. If this is the case, you can >> skip the "-inkey SSLCertificateKeyFile.pem" part. >> >> Type 'man pkcs12' on your Linux machine for more information. >> >> -Kyle H >> >> On Thu, Aug 28, 2008 at 1:23 PM, Bart Wahlgren >> <[EMAIL PROTECTED]> wrote: >>> My company currently has a wildcard SSL certificate purchased from Go Daddy. >>> It's installed on a Linux Apache web server we are going to deploy a Windows >>> web server to support a different application. Go Daddy has told me that we >>> can use the certificate on more than one server concurrently. To do this we >>> need to export the private key from the server that generated the CSR. >>> >>> >>> >>> Can someone tell me what the commands are for exporting the private key off >>> of the linux machine? >>> >>> >>> >>> Thanks >>> >>> >>> >>> Bart Wahlgren >>> >>> >> ______________________________________________________________________ >> OpenSSL Project http://www.openssl.org >> User Support Mailing List openssl-users@openssl.org >> Automated List Manager [EMAIL PROTECTED] >> >> >> ______________________________________________________________________ >> OpenSSL Project http://www.openssl.org >> User Support Mailing List openssl-users@openssl.org >> Automated List Manager [EMAIL PROTECTED] >> > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
