cannot install a SSL certificate : any idea folks ? Thanks
cannot install a SSL certificate : any idea folks ? Thanks
am 16.11.2009 08:05:31 von sieger007
--001636e0af30984490047877a2f4
Content-Type: text/plain; charset=ISO-8859-1
Hello Friends
I'm trying to figure out why I cannot install a SSL certificate that I'd
been given. Using openssl, I looked at the key file that was generated by
openssl, and the corresponding certificate file that was returned by the CA.
I noticed that the modulus part does not match. I think they have to match,
right?
*Key file*
modulus:
00:b9:etc ...L2
7f:1c:37:f7:...L3
..
all the way to L9
publicExponent: 65537 (0x10001)
*Certificate file*
Modulus (1024 bit):
l1
l2
all the way to l9
but none of the lines L1 and l1 , L2 and l2 ever match
Exponent: 65537 (0x10001)
Also I noticed that the subject part does not match. This is the subject
line from the two files:
*Key file*
Subject: O=foo, OU=bar, CN=something.com
*Certificate file*
Subject: C=US, ST=, L=, O=OU=*.
CN=*.
Is this an issue? Should I request for a new certificate with the same
subject line?
I'm not too familiar with how a certificate is generated from the
certificate request file, so any insight into the process would be
appreciated.
Thanks for your help folks
Sam
--001636e0af30984490047877a2f4
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Hello Friends
olor: rgb(51, 51, 255);">
=
I'm trying to figure out why I =
cannot
install a SSL certificate that I'd been given. Using openssl, I looked
at the key file that was generated by openssl, and the corresponding
certificate file that was returned by the CA.
(51, 51, 255);">
I noticed=
that the modulus part does not match. I think they have to match, right?
div>
51, 51, 255);">Key file
e ; margin: 0pt 0pt 0pt 40px; padding: 0px; color: rgb(51, 51, 255);">modul=
us:
=A000:b9:etc ...L2
=A07f:1c:37:f7:...L3
..
=
=A0 all the way to L9
publicExponent: 65537 (0x10001)
>
0pt 0pt 40px; padding: 0px; color: rgb(51, 51, 255);">
Modulus (1024 bit):
=A0 l1
=A0 l2
=A0 all the w=
ay to l9
=A0 but none of the lines L1 and l1 , L2 and l2 ever mat=
ch
Exponent: 65537 (0x10001)
1, 51, 255);">
Also I noticed that the subject par=
t does not match. This is the subject line from the two files:
yle=3D"color: rgb(51, 51, 255);">
255);">
Key file=A0
0pt 0pt 0pt 40px; padding: 0px; color: rgb(51, 51, 255);">Subject: O=3Dfoo,=
OU=3Dbar, CN=3D
ockquote>
51, 51, 255);">Certificate file
dium none ; margin: 0pt 0pt 0pt 40px; padding: 0px; color: rgb(51, 51, 255)=
;">
Subject: C=3DUS, ST=3D<state name >, L=3D<value2>, O=3D<valu=
e3>OU=3D*.<value4> CN=3D*.<value5>
"color: rgb(51, 51, 255);">
">Is this an issue? Should I request for a new certificate with the same su=
bject line?
51, 51, 255);">I'm
not too familiar with how a certificate is generated from the
certificate request file, so any insight into the process would be
appreciated.
color: rgb(51, 51, 255);">Thanks f=
or your help folks
=3D"color: rgb(51, 51, 255);">Sam
--001636e0af30984490047877a2f4--
Re: cannot install a SSL certificate : any idea folks ?
am 16.11.2009 14:16:08 von Krist van Besien
On Mon, Nov 16, 2009 at 8:05 AM, sieger007@gmail.com
wrote:
> I'm trying to figure out why I cannot install a SSL certificate that I'd
> been given.
What did you exactly do, and what error messages did you receive, what
problems do you have? Just telling us that you have a problem is not
really sufficient.
> I'm not too familiar with how a certificate is generated from the
> certificate request file, so any insight into the process would be
> appreciated.
You create a key, then create a certificate signing request. This you
send to your CA. It will come back with the CA's signature.
Your key doesn't have a "subject", but your certificate request does,
and if it doesn't match the of the signed certificate something went
wrong. Public key information must also match.
Krist
--
krist.vanbesien@gmail.com
krist@vanbesien.org
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?
------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: cannot install a SSL certificate : any ideafolks ? Thanks
am 16.11.2009 15:17:12 von Mark Watts
--=-5dMtxce4T/2VAZ9QiOSj
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
On Sun, 2009-11-15 at 23:05 -0800, sieger007@gmail.com wrote:
> Hello Friends
>=20
>=20
> I'm trying to figure out why I cannot install a SSL certificate that
> I'd been given. Using openssl, I looked at the key file that was
> generated by openssl, and the corresponding certificate file that was
> returned by the CA.
I assume you did the following:
1) Generate a key:
$ openssl genrsa -out www.example.com-key 2048
Generating RSA private key, 2048 bit long modulus
..............................................+++
....+++
e is 65537 (0x10001)
2) Generate a Certificate Sigining Request (CSR):
$ openssl req -new -key www.example.com-key -out
www.example.com-csr
You are about to be asked to enter information that will be
incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished
Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:
State or Province Name (full name) [Berkshire]:Greater London
Locality Name (eg, city) [Newbury]:London
Organization Name (eg, company) [My Company Ltd]:Acme Websites
Ltd.
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname)
[]:www.example.com
Email Address []:
=20
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
3) Buy a certificate:
Go to www.verisign.com (or wherever) and buy a certificate.
Upload the CSR file you generated when they ask for it.
Download the Certificate when they let you.
=20
4) Setup an SSL Vhost:
=20
ServerName "www.example.com"
SSLEngine on
SSLCertificateFile "/etc/httpd/conf/ssl/www.example.com-cert"
SSLCertificateKeyFile "/etc/httpd/conf/ssl/www.example.com-key"
...
If you are running SELinux, ensure the context is correct.
Ensure both files are mode 400 and owned by root.
This should be all you need to do, aside from any other mod_ssl
configuration you need.
Mark.
--=20
Mark Watts BSc RHCE MBCS
Senior Systems Engineer, Managed Services Manpower
www.QinetiQ.com
QinetiQ - Delivering customer-focused solutions
GPG Key: http://www.linux-corner.info/mwatts.gpg
--=-5dMtxce4T/2VAZ9QiOSj
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEABECAAYFAksBXugACgkQBn4EFUVUIO3H3QCeLGBMHvnhQacnksM0KYRj KffF
Tl0AoMUMFDopN34L/Z0V5TESLa8D4HuF
=Oy/O
-----END PGP SIGNATURE-----
--=-5dMtxce4T/2VAZ9QiOSj--
Re: cannot install a SSL certificate : any idea folks ?
am 16.11.2009 21:48:36 von sieger007
--001636e1f7ab2cfd450478832255
Content-Type: text/plain; charset=ISO-8859-1
Thank you friends. This SSL stuff drives me nuts .
Just to clarify, I had sent a certificate request with xyz.abc.com
as the common name. I got back a
certificate with *.
abc.com as the common name from the CA. Can I still use the same key or is
it a mismatch?
On Mon, Nov 16, 2009 at 6:17 AM, Mark Watts wrote:
> On Sun, 2009-11-15 at 23:05 -0800, sieger007@gmail.com wrote:
> > Hello Friends
> >
> >
> > I'm trying to figure out why I cannot install a SSL certificate that
> > I'd been given. Using openssl, I looked at the key file that was
> > generated by openssl, and the corresponding certificate file that was
> > returned by the CA.
>
> I assume you did the following:
>
> 1) Generate a key:
>
> $ openssl genrsa -out www.example.com-key 2048
> Generating RSA private key, 2048 bit long modulus
> ..............................................+++
> ....+++
> e is 65537 (0x10001)
>
> 2) Generate a Certificate Sigining Request (CSR):
>
> $ openssl req -new -key www.example.com-key -out
> www.example.com-csr
> You are about to be asked to enter information that will be
> incorporated
> into your certificate request.
> What you are about to enter is what is called a Distinguished
> Name or a DN.
> There are quite a few fields but you can leave some blank
> For some fields there will be a default value,
> If you enter '.', the field will be left blank.
> -----
> Country Name (2 letter code) [GB]:
> State or Province Name (full name) [Berkshire]:Greater London
> Locality Name (eg, city) [Newbury]:London
> Organization Name (eg, company) [My Company Ltd]:Acme Websites
> Ltd.
> Organizational Unit Name (eg, section) []:
> Common Name (eg, your name or your server's hostname)
> []:www.example.com
> Email Address []:
>
> Please enter the following 'extra' attributes
> to be sent with your certificate request
> A challenge password []:
> An optional company name []:
>
> 3) Buy a certificate:
>
> Go to www.verisign.com (or wherever) and buy a certificate.
> Upload the CSR file you generated when they ask for it.
> Download the Certificate when they let you.
>
> 4) Setup an SSL Vhost:
>
>
> ServerName "www.example.com"
> SSLEngine on
> SSLCertificateFile "/etc/httpd/conf/ssl/www.example.com-cert"
> SSLCertificateKeyFile "/etc/httpd/conf/ssl/www.example.com-key"
> ...
>
>
> If you are running SELinux, ensure the context is correct.
> Ensure both files are mode 400 and owned by root.
>
> This should be all you need to do, aside from any other mod_ssl
> configuration you need.
>
> Mark.
>
> --
> Mark Watts BSc RHCE MBCS
> Senior Systems Engineer, Managed Services Manpower
> www.QinetiQ.com
> QinetiQ - Delivering customer-focused solutions
> GPG Key: http://www.linux-corner.info/mwatts.gpg
>
--001636e1f7ab2cfd450478832255
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Thank you friends. This SSL stuff =
drives me nuts .
=3D"color: rgb(51, 51, 255);">Just to clarify, I had sent a certificate req=
uest with
alspry.house.gov/" target=3D"_blank">xyz.abc.com=A0
: rgb(51, 51, 255);"> as the common name. I got back a certificate with *.<=
a href=3D"http://abc.com">abc.com=A0 as the common name from the CA. Ca=
n I still use the same key or is it a mismatch?
On Mon, Nov 16, 2009 at 6:17 AM, Mark Watts =
<m.watts@e=
ris.qinetiq.com> wrote:
style=3D"border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8=
ex; padding-left: 1ex;">
On Sun, 2009-11-15 at 23:05 -0800,
er007@gmail.com">sieger007@gmail.com wrote:
> Hello Friends
>
>
> I'm trying to figure out why I cannot install a SSL certificate th=
at
> I'd been given. Using openssl, I looked at the key file that was
r>
> generated by openssl, and the corresponding certificate file that was<=
br>
> returned by the CA.
1) Generate a key:
=A0 =A0 =A0 =A0$ openssl genrsa -out www.example.com-key 2048
=A0 =A0 =A0 =A0Generating RSA private key, 2048 bit long modulus
=A0 =A0 =A0 =A0..............................................+++
=A0 =A0 =A0 =A0....+++
=A0 =A0 =A0 =A0e is 65537 (0x10001)
2) Generate a Certificate Sigining Request (CSR):
=A0 =A0 =A0 =A0$ openssl req -new -key www.example.com-key -out
=A0 =A0 =A0 =A0www.example.com-csr
=A0 =A0 =A0 =A0You are about to be asked to enter information that will be=
=A0 =A0 =A0 =A0incorporated
=A0 =A0 =A0 =A0into your certificate request.
=A0 =A0 =A0 =A0What you are about to enter is what is called a Distinguish=
ed
=A0 =A0 =A0 =A0Name or a DN.
=A0 =A0 =A0 =A0There are quite a few fields but you can leave some blank
r>
=A0 =A0 =A0 =A0For some fields there will be a default value,
=A0 =A0 =A0 =A0If you enter '.', the field will be left blank.
=A0 =A0 =A0 =A0-----
=A0 =A0 =A0 =A0Country Name (2 letter code) [GB]:
=A0 =A0 =A0 =A0State or Province Name (full name) [Berkshire]:Greater Lond=
on
=A0 =A0 =A0 =A0Locality Name (eg, city) [Newbury]:London
=A0 =A0 =A0 =A0Organization Name (eg, company) [My Company Ltd]:Acme Websi=
tes
=A0 =A0 =A0 =A0Ltd.
=A0 =A0 =A0 =A0Organizational Unit Name (eg, section) []: <Leave blank&=
gt;
=A0 =A0 =A0 =A0Common Name (eg, your name or your server's hostname)
r>
=A0 =A0 =A0 =A0[]:www=
..example.com
=A0 =A0 =A0 =A0Email Address []: <Leave blank>
=A0 =A0 =A0 =A0Please enter the following 'extra' attributes
=A0 =A0 =A0 =A0to be sent with your certificate request
=A0 =A0 =A0 =A0A challenge password []: <Leave blank>
=A0 =A0 =A0 =A0An optional company name []: <Leave blank>
3) Buy a certificate:
=A0 =A0 =A0 =A0Go to
>www.verisign.com (or wherever) and buy a certificate.
=A0 =A0 =A0 =A0Upload the CSR file you generated when they ask for it.
=A0 =A0 =A0 =A0Download the Certificate when they let you.
4) Setup an SSL Vhost:
=A0 =A0 =A0 =A0<VirtualHost
lank">0.0.0.0:443>
=A0 =A0 =A0 =A0 ServerName =A0 =A0 "
" target=3D"_blank">www.example.com"
=A0 =A0 =A0 =A0 SSLEngine =A0 =A0 =A0on
=A0 =A0 =A0 =A0 SSLCertificateFile =A0 =A0 "/etc/httpd/conf/ssl/www.e=
xample.com-cert"
=A0 =A0 =A0 =A0 SSLCertificateKeyFile =A0"/etc/httpd/conf/ssl/www.exa=
mple.com-key"
=A0 =A0 =A0 =A0 ...
=A0 =A0 =A0 =A0</VirtualHost>
If you are running SELinux, ensure the context is correct.
Ensure both files are mode 400 and owned by root.
This should be all you need to do, aside from any other mod_ssl
configuration you need.
Mark.
--
Mark Watts BSc RHCE MBCS
Senior Systems Engineer, Managed Services Manpower
>
QinetiQ - Delivering customer-focused solutions
GPG Key:
nk">http://www.linux-corner.info/mwatts.gpg
--001636e1f7ab2cfd450478832255--
Re: cannot install a SSL certificate : any idea folks? Going nuts over SSL..
am 16.11.2009 21:55:14 von rambo
On Mon, 16 Nov 2009 12:48:36 -0800
"sieger007@gmail.com" wrote:
> *.abc.com as the common name from the CA.
> Can I still use the same key or is it a mismatch?
Yes, although the wildcard for CN is not recommended,
though not so unusual either.
------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: cannot install a SSL certificate : any idea folks? Going nuts over SSL..
am 16.11.2009 23:27:45 von Crypto Sal
--------------070004000903040109030305
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
On 11/16/2009 03:48 PM, sieger007@gmail.com wrote:
> Thank you friends. This SSL stuff drives me nuts .
> Just to clarify, I had sent a certificate request with xyz.abc.com
> as the common name. I got back a
> certificate with *.abc.com as the common name from
> the CA. Can I still use the same key or is it a mismatch?
>
Hello,
As long as the modulus matches on the private key and certificate file,
yes it will still work.
--------------070004000903040109030305
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
http-equiv="Content-Type">
On 11/16/2009 03:48 PM, wrote:
cite="mid:80a287630911161248u319d6afnaf78ecbd4a4cc26d@mail.g mail.com"
type="cite">Thank you friends.
This SSL stuff drives me nuts .
style="color: rgb(51, 51, 255);">
Just to clarify, I had sent a
certificate request with
style="color: rgb(51, 51, 255);" href="http://cmsevalspry.house.gov/"
target="_blank">xyz.abc.com
as the common name. I got back a certificate with *.
moz-do-not-send="true" href="http://abc.com">abc.com as the
common name from the CA. Can I still use the same key or is it a
mismatch?
Hello,
As long as the modulus matches on the private key and certificate file,
yes it will still work.
--------------070004000903040109030305--
Re: cannot install a SSL certificate : any idea folks ?
am 17.11.2009 01:46:04 von sieger007
--001636e1f85d6b31000478867310
Content-Type: text/plain; charset=ISO-8859-1
Thanks.what kind of changes do I need to make to the modules. I assume that
is what you referred to by 'modulus matches on the private key and
certificate file'
If you can shine some light on thus 'modulus matches on the private key and
certificate file'
Thx
Sam
On Mon, Nov 16, 2009 at 2:27 PM, Crypto Sal wrote:
> On 11/16/2009 03:48 PM, sieger007@gmail.com wrote:
>
> Thank you friends. This SSL stuff drives me nuts .
> Just to clarify, I had sent a certificate request with xyz.abc.com as the common name. I got back a certificate with *.
> abc.com as the common name from the CA. Can I still use the same key or
> is it a mismatch?
>
> Hello,
>
> As long as the modulus matches on the private key and certificate file, yes
> it will still work.
>
--001636e1f85d6b31000478867310
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Thanks.what kind of changes do I =
need to make to the modules. I assume that is what you referred to by '=
modulus matches on the private key and certificate file'
le=3D"color: rgb(51, 153, 153);">
If you can shine some light on th=
us 'modulus matches on the private key and certificate file'=
153);">Thx
Sam
mail_quote">On Mon, Nov 16, 2009 at 2:27 PM, Crypto Sal
&=
lt;>
an> wrote:
204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
=20
Hello,
As long as the modulus matches on the private key and certificate file,
yes it will still work.
--001636e1f85d6b31000478867310--
Re: cannot install a SSL certificate : any idea folks? Going nuts over SSL..
am 17.11.2009 05:41:11 von Crypto Sal
--------------090508040706000102040702
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
In the future, please bottom post to the mailing list. It makes it much
easier to read.
Here's a great article on how to see if the modulus on the private key
and the modulus on the certificate match.
http://kb.wisc.edu/middleware/page.php?id=4064
You may also want to read the openssl man pages.
On 11/16/2009 07:46 PM, sieger007@gmail.com wrote:
> Thanks.what kind of changes do I need to make to the modules. I assume
> that is what you referred to by 'modulus matches on the private key
> and certificate file'
> If you can shine some light on thus 'modulus matches on the private
> key and certificate file'
> Thx
> Sam
>
> On Mon, Nov 16, 2009 at 2:27 PM, Crypto Sal
> > wrote:
>
> On 11/16/2009 03:48 PM, sieger007@gmail.com
> wrote:
>> Thank you friends. This SSL stuff drives me nuts .
>> Just to clarify, I had sent a certificate request with
>> xyz.abc.com as the common name. I
>> got back a certificate with *.abc.com as the
>> common name from the CA. Can I still use the same key or is it a
>> mismatch?
>>
> Hello,
>
> As long as the modulus matches on the private key and certificate
> file, yes it will still work.
>
>
--------------090508040706000102040702
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
http-equiv="Content-Type">
In the future, please bottom post to the mailing list. It makes it much
easier to read.
Here's a great article on how to see if the modulus on the private key
and the modulus on the certificate match.
You may also want to read the openssl man pages.
On 11/16/2009 07:46 PM, wrote:
cite="mid:80a287630911161646r285613d4ya186ad624abd052@mail.g mail.com"
type="cite">Thanks.what kind
of changes do I need to make to the modules. I assume that is what you
referred to by 'modulus matches on the private key and certificate
file'
If you can shine some light
on thus 'modulus matches on the private key and certificate file'
style="color: rgb(51, 153, 153);">
Thx
style="color: rgb(51, 153, 153);">
Sam
On Mon, Nov 16, 2009 at 2:27 PM, Crypto Sal
dir="ltr"><
href="mailto:crypto.sal@gmail.com">crypto.sal@gmail.com>
wrote:
style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Hello,
As long as the modulus matches on the private key and certificate file,
yes it will still work.
--------------090508040706000102040702--
Re: cannot install a SSL certificate : any idea folks ?
am 17.11.2009 17:37:50 von sieger007
--001636e0b9643e9eb6047893bf7d
Content-Type: text/plain; charset=ISO-8859-1
On Mon, Nov 16, 2009 at 8:41 PM, Crypto Sal wrote:
> In the future, please bottom post to the mailing list. It makes it much
> easier to read.
>
> Here's a great article on how to see if the modulus on the private key and
> the modulus on the certificate match.
>
> http://kb.wisc.edu/middleware/page.php?id=4064
>
> You may also want to read the openssl man pages.
>
>
>
>
>
> On 11/16/2009 07:46 PM, sieger007@gmail.com wrote:
>
> Thanks.what kind of changes do I need to make to the modules. I assume that
> is what you referred to by 'modulus matches on the private key and
> certificate file'
> If you can shine some light on thus 'modulus matches on the private key and
> certificate file'
> Thx
> Sam
>
> On Mon, Nov 16, 2009 at 2:27 PM, Crypto Sal wrote:
>
>> On 11/16/2009 03:48 PM, sieger007@gmail.com wrote:
>>
>> Thank you friends. This SSL stuff drives me nuts .
>> Just to clarify, I had sent a certificate request with xyz.abc.com as the common name. I got back a certificate with *.
>> abc.com as the common name from the CA. Can I still use the same key or
>> is it a mismatch?
>>
>> Hello,
>>
>> As long as the modulus matches on the private key and certificate file,
>> yes it will still work.
>>
>
>
>
Thanks a lot folks. I am getting some sort of handle here .
The problem is If I use the original key and the certificate that they give
me, the web server does not start I assume because the CN, OU, etc. does not
match.I just want a SSL cert that works.So right now I use a self signed
CA.Now is there a concept of applying for a *Revoke *of an old CA before you
apply for a a new CA .
Because if I give the CN as xyz.abc.com I get a certificate *.abc.com why
should that be so .
Thanks again
--001636e0b9643e9eb6047893bf7d
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
On Mon, Nov 16, 2009 at 8:41 PM, Crypto =
Sal
<
"_blank">crypto.sal@gmail.com> wrote:
"gmail_quote" style=3D"border-left: 1px solid rgb(204, 204, 204); margin: 0=
pt 0pt 0pt 0.8ex; padding-left: 1ex;">
=20
In the future, please bottom post to the mailing list. It makes it much
easier to read.
Here's a great article on how to see if the modulus on the private key
and the modulus on the certificate match.
nk">http://kb.wisc.edu/middleware/page.php?id=3D4064
You may also want to read the openssl man pages.
On 11/16/2009 07:46 PM,
lank">sieger007@gmail.com wrote:
Thanks.=
what kind
of changes do I need to make to the modules. I assume that is what you
referred to by 'modulus matches on the private key and certificate
file'
If you can shine some light
on thus 'modulus matches on the private key and certificate file'
span>
Thx
gb(51, 153, 153);">
Sam
On Mon, Nov 16, 2009 at 2:27 PM, Crypto Sal
pan dir=3D"ltr"><
k">crypto.sal@gmail.com>
wrote:
, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Hello,
As long as the modulus matches on the private key and certificate file,
yes it will still work.
Thanks a lo=
t folks. I am getting some sort of handle here .
rgb(51, 51, 255);">The problem is=
=A0 If I use the original key and the certificate that they give me, the we=
b server does not start I assume because the CN, OU, etc. does not match.I =
just want a SSL cert that works.So right now I use a self signed CA.Now is =
there a concept of applying for a Revoke of an old CA before you app=
ly for a=A0 a new CA .
Because if I give the CN as=A0 xyz.abc.com
a> I get a certificate *. why should =
that be so .
Thanks again
--001636e0b9643e9eb6047893bf7d--
Re: cannot install a SSL certificate : any idea folks? Going nuts over SSL..
am 18.11.2009 05:25:47 von Crypto Sal
--------------020601060005060301020507
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
On 11/17/2009 11:37 AM, sieger007@gmail.com wrote:
> Thanks a lot folks. I am getting some sort of handle here .
> The problem is If I use the original key and the certificate that
> they give me, the web server does not start I assume because the CN,
> OU, etc. does not match.I just want a SSL cert that works.So right now
> I use a self signed CA.Now is there a concept of applying for a
> *Revoke *of an old CA before you apply for a a new CA .
> Because if I give the CN as xyz.abc.com I get a
> certificate *.abc.com why should that be so .
> Thanks again
>
Hello,
Again, the only real thing that needs to match is the modulus on both
the key and certificate (outside of setting up a proper VHost, of
course). I assume you downloaded the wrong certificate from the CA(Very
common). You could always generate a new key and CSR and send that CSR
to the CA, who then will send you a new certificate.
--------------020601060005060301020507
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
http-equiv="Content-Type">
On 11/17/2009 11:37 AM, wrote:
cite="mid:80a287630911170837x9d168d9ic00de03c7b93a354@mail.g mail.com"
type="cite">Thanks a lot folks.
I am getting some sort of handle here .
style="color: rgb(51, 51, 255);">
The problem is If I use the
original key and the certificate that they give me, the web server does
not start I assume because the CN, OU, etc. does not match.I just want
a SSL cert that works.So right now I use a self signed CA.Now is there
a concept of applying for a Revoke of an old CA before you
apply for a a new CA .
Because if I give the CN as
href="http://xyz.abc.com">xyz.abc.com I get a certificate *.
moz-do-not-send="true" href="http://abc.com">abc.com why should
that be so .
Thanks again
Hello,
Again, the only real thing that needs to match is the modulus on both
the key and certificate (outside of setting up a proper VHost, of
course). I assume you downloaded the wrong certificate from the CA(Very
common). You could always generate a new key and CSR and send that CSR
to the CA, who then will send you a new certificate.
--------------020601060005060301020507--