Migrating cert from Sun Web Server

Migrating cert from Sun Web Server

am 09.08.2005 20:45:43 von SB

I've already paid for a few Verisign certs (that were requested from
and installed on Sun Web Server aka SWS aka ONE aka iPlanet) and now
we are migrating from SWS to Apache and mod_ssl. I would like to reuse
the certs but they (and the keys) use some weird db format. I have the
certs in my email somewhere still so all I need is the keys. Anyone
know how I can extract the key from the db file or elsewhere for use
with mod_ssl and Apache2?

I've already looked in the docs[1] and googled a bit but so far
nothing. Any help is greatly appreciated!

SB
-----
[1] http://docs.sun.com/source/817-1831-10/agcert.html#wp1004981
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Migrating cert from Sun Web Server

am 09.08.2005 21:21:26 von Phil Ehrens

SB wrote:
> I've already paid for a few Verisign certs (that were requested from
> and installed on Sun Web Server aka SWS aka ONE aka iPlanet) and now
> we are migrating from SWS to Apache and mod_ssl. I would like to reuse
> the certs but they (and the keys) use some weird db format. I have the
> certs in my email somewhere still so all I need is the keys. Anyone
> know how I can extract the key from the db file or elsewhere for use
> with mod_ssl and Apache2?
>
> I've already looked in the docs[1] and googled a bit but so far
> nothing. Any help is greatly appreciated!

Look here (search for pk12util):

http://docs.sun.com/source/816-5682-10/esecurty.htm

--
Phil Ehrens | Fun stuff:
The LIGO Laboratory, MS 18-34 | http://www.ralphmag.org
California Institute of Technology | http://www.yellow5.com
1200 East California Blvd. | http://www.total.net/~fishnet/
Pasadena, CA 91125 USA | http://slashdot.org
Phone:(626)395-8518 Fax:(626)793-9744 | http://kame56.homepage.com
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Migrating cert from Sun Web Server

am 09.08.2005 21:50:08 von SB

On 8/9/05, Phil Ehrens wrote:

> Look here (search for pk12util):
>=20
> http://docs.sun.com/source/816-5682-10/esecurty.htm

Thanks! I actually found it on the Sun Forum too. Apparently it's
kinda tricky to use so here's the process...

# export LD_LIBRARY_PATH=3D/bin/https/lib
# cd /alias
# ../bin/https/admin/bin/pk12util -o export.pkcs12 -n Server-Cert -d .
-P "https-hostname-hostname-"
Enter Password or Pin for "NSS Certificate DB":
Enter password for PKCS12 file:=20
Re-enter password:=20
pk12util: PKCS12 EXPORT SUCCESSFUL
# ls -tlra export.pkcs12
-rw------- 1 root root 3372 Aug 9 12:16 export.pkcs12
#

Then you can extract either the key or the cert...

# openssl pkcs12 -info -in export.pkcs12=20
Enter Import Password:
....
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----BEGIN RSA PRIVATE KEY-----
....
-----END RSA PRIVATE KEY-----
....
-----BEGIN CERTIFICATE-----
....
-----END CERTIFICATE-----
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org