Mailing Lists: Apple Mailing Lists
Image of Mac OS face in stamp
 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: WebStar SSL -> Apache

Hmm, try this:

openssl asn1parse -inform DER -in <private-key> -i -offset 21 -out
newkey

This should generate a DER-encoded PKCS#8 key using your old keyfile.

Now:

openssl pkcs8 -in newkey -inform DER -outform PEM -out pemkey

This should convert the DER-encoded key to a PEM-encoded private key.
Then, try having Apache use the resultant "pemkey"...

(Note, this information has been munged by me, relying off a Google
search. I've no access to a WebStar-generated key to verify if this
will work.)

--Micahel

> -----Original Message-----
> From: Michael S. Fischer [mailto:email@hidden]
> Sent: Tuesday, April 29, 2003 4:11 PM
> To: 'Ezra'; 'email@hidden'
> Subject: RE: WebStar SSL -> Apache
>
>
> The certificate is a copy of your public key, signed with the
> CA's private key. You won't be able to obtain your private
> key from it (it's meant to be publicly distributed).
>
> The contents of the key file should look like this:
>
> -----BEGIN RSA PRIVATE KEY-----
> [...]
> -----END RSA PRIVATE KEY-----
>
> The way to see if the private key file is compatible with Apache:
>
> openssl rsa -in <key-file> -text
>
> Sorry, but I don't know what you should do if they key file
> is incompatible. Consider contacting the vendor and asking
> how to get your key out in PEM format (as required by OpenSSL).
>
> --Michael
>
> > -----Original Message-----
> > From: email@hidden
> > [mailto:email@hidden] On Behalf Of Ezra
> > Sent: Tuesday, April 29, 2003 3:27 PM
> > To: email@hidden
> > Subject: Re: WebStar SSL -> Apache
> >
> >
> > I issued the following command as suggested and I was able
> to see the
> > certificate information. Therefore, I believe I should
> > probably find a
> > way to generate a private.key from either the original certificate
> > request or find a way to convert the private.key created by
> webstar.
> > When using the original private.key with apache it
> complains that it
> > was not found and when trying to start with a newly created
> > private.key
> > with exact same info as original, apache says its started but
> > I believe
> > dies right away.
> >
> > I am going to spend a spend a couple of more hours trying to
> > fix it, if
> > not, I am just going to get a new certificate with a new
> private key.
> >
> > Thanks for all your help.
> >
> > thanks,
> > Ezra
> >
> > On Tuesday, April 29, 2003, at 03:22 PM, Michael S. Fischer wrote:
> >
> > > Depends on what the certificate looks like. If you can run this
> > > successfully:
> > >
> > > openssl x509 -in <certificate-file> -text
> > >
> > > Then your certificate can be used with Apache's mod_ssl.
> > >
> > > --Michael
> > >
> > >
> > >> -----Original Message-----
> > >> From: email@hidden
> > >> [mailto:email@hidden] On Behalf Of Ezra
> > >> Sent: Tuesday, April 29, 2003 11:45 AM
> > >> To: email@hidden
> > >> Subject: WebStar SSL -> Apache
> > >>
> > >>
> > >> Hi!
> > >>
> > >> Would a verisign issued certificate for Webstar4 work with
> > apache? Is
> > >> there a way to convert a private key generated by WebStar4
> > to apache
> > >> (openssl & mod_ssl) private key. I do have the actual csr
> > generated
> > >> by WebStar4 ssl tool as well if that would be any helpful.
> > >>
> > >> By the way, I find this group very helpful.
> > >>
> > >> thanks,
> > >> Ezra
> > >> _______________________________________________
> > >> macos-x-server mailing list | email@hidden
> > >> Help/Unsubscribe/Archives:
> > >> http://www.lists.apple.com/mailman/listinfo/ma> cos-x-server Do
> > >> not post admin requests to the list. They
> > >> will be ignored.
> > _______________________________________________
> > macos-x-server mailing list | email@hidden
> > Help/Unsubscribe/Archives:
> > http://www.lists.apple.com/mailman/listinfo/ma> cos-x-server
> > Do
> > not post admin requests to the list. They
> > will be ignored.
_______________________________________________
macos-x-server mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/macos-x-server
Do not post admin requests to the list. They will be ignored.


Visit the Apple Store online or at retail locations.
1-800-MY-APPLE

Contact Apple | Terms of Use | Privacy Policy

Copyright © 2007 Apple Inc. All rights reserved.