Basic SSL/Certificates

Basic SSL/Certificates

am 01.04.2003 13:05:42 von withd2

Hi,

This is proabably a real basic SSL question but I hope someone can put me
out of my misery.

I have Apache/Weblogic up and running using the demo keys and certs
provided by Weblogic
I have 3 files : ca.pem, democert.pem and demokey.pem. They are referenced
in 3 places in my httpd.conf file i.e
SSLCertificateFile c:/bea/wlserver6.1/config/devdomain/democert.pem
SSLCertificateKeyFile c:/bea/wlserver6.1/config/devdomain/demokey.pem
TrustedCAFile c:/bea/wlserver6.1/config/devdomain/ca.pem (apache/weblogic
plugin parameter).
Now that is working I have been given a 'real' certificate to use -
cert.der. I am told this is a PKCS#12 file and should contain key and
certificate.

Question is I don't know what to do with it. I am getting confused when
reading documentation that I need to convert .der's to .pem's etc. Do I need
to extract the key ? If I reference this file directly in Apache it won't
start - it doesn't like the format. Do I use OpenSSL and use this file to
create 3 pem files as used above ?

Any pointers gratefully received.
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Basic SSL/Certificates

am 01.04.2003 13:25:14 von Leung Ming Tak

Hi,

You may extract the key and cert with the following command:

openssl pkcs12 -in cert.der -nodes -out certAndKey.pem

Then, you can extract cert.pem and key.pem from the output file.

ca.pem is probably used for authentication and not for SSL server setup.

Rgds.
Martin


>
> Hi,
>
> This is proabably a real basic SSL question but I hope someone can pu=
t
> me
> out of my misery.
>
> I have Apache/Weblogic up and running using the demo keys and certs
> provided by Weblogic
> I have 3 files : ca.pem, democert.pem and demokey.pem. They are
> referenced
> in 3 places in my httpd.conf file i.e
> SSLCertificateFile c:/bea/wlserver6.1/config/devdomain/democert.pem
> SSLCertificateKeyFile c:/bea/wlserver6.1/config/devdomain/demokey.pem
> TrustedCAFile c:/bea/wlserver6.1/config/devdomain/ca.pem
> (apache/weblogic
> plugin parameter).
> Now that is working I have been given a 'real' certificate to use -
> cert.der. I am told this is a PKCS#12 file and should contain key and
> certificate.
>
> Question is I don't know what to do with it. I am getting confused when
> reading documentation that I need to convert .der's to .pem's etc. Do I
> need to extract the key ? If I reference this file directly in Apache i=
t
> won't start - it doesn't like the format. Do I use OpenSSL and use this
> file to create 3 pem files as used above ?
>
> Any pointers gratefully received.
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org



____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org