mod_ssl newbie question

mod_ssl newbie question

am 17.03.2010 15:32:59 von howa

I have a .crt file and it is issued by a CA.

By looking at the .crt file, the Private Key is not included in the .crt file.

My question: How can I generate the Private Key so I can use the
directive SSLCertificateKeyFile?

reference: http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#sslcertifi catekeyfile

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: mod_ssl newbie question

am 17.03.2010 15:41:23 von Philip Wigg

On 17 March 2010 14:32, howard chen wrote:
> I have a .crt file and it is issued by a CA.
>
> By looking at the .crt file, the Private Key is not included in the .crt file.
>
> My question: How can I generate the Private Key so I can use the
> directive SSLCertificateKeyFile?
>
> reference: http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#sslcertifi catekeyfile

You would have generated a public key and a private key initially
(they're a pair) because your public key is needed to generate your
CSR (Certificate Signing Request).

If you didn't generate the CSR, you probably need to find the person
that did and ask them where the private key is.

Try reading http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#aboutcerts
if you haven't already.

-- Phil.

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: mod_ssl newbie question

am 17.03.2010 16:02:39 von howa

Hi,

On Wed, Mar 17, 2010 at 10:41 PM, Philip Wigg wrote:
> You would have generated a public key and a private key initially
> (they're a pair) because your public key is needed to generate your
> CSR (Certificate Signing Request).
>

Thanks for your link.

So it seems that now I missed the private key from the beginning.

I want to ask, can this private key shared across multiple server and reused?

So once I found this private key, I don't need to go through the
public key/private key generation, and CSR process.

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: mod_ssl newbie question

am 17.03.2010 16:13:55 von Mark Watts

--=-8DmX3RCud1Gq7er8C93W
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Wed, 2010-03-17 at 23:02 +0800, howard chen wrote:
> Hi,
>=20
> On Wed, Mar 17, 2010 at 10:41 PM, Philip Wigg wro=
te:
> > You would have generated a public key and a private key initially
> > (they're a pair) because your public key is needed to generate your
> > CSR (Certificate Signing Request).
> >
>=20
> Thanks for your link.
>=20
> So it seems that now I missed the private key from the beginning.
>=20
> I want to ask, can this private key shared across multiple server and reu=
sed?
>=20
> So once I found this private key, I don't need to go through the
> public key/private key generation, and CSR process.

A Key/Certificate pair relates (generally) to a single website name; eg:
www.example.com

If you are hosting the same site on two machines, and load-balancing
between the two, then yes; assuming your Certificate is licensed for two
machines, you can use the same Key/Certificate pair on both machines.

You would *not* create one Key for use with multiple CSR requests for
different hostnames.

Mark.


--=20
Mark Watts BSc RHCE MBCS
Senior Systems Engineer, Managed Services Manpower
www.QinetiQ.com
QinetiQ - Delivering customer-focused solutions
GPG Key: http://www.linux-corner.info/mwatts.gpg

--=-8DmX3RCud1Gq7er8C93W
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEABECAAYFAkug8bMACgkQBn4EFUVUIO292QCgosG4UMHJKcnj8uxOQYzT bK9H
NeoAn2jkKm/R7jFaUgMT7wyU87x68UcL
=YY7f
-----END PGP SIGNATURE-----

--=-8DmX3RCud1Gq7er8C93W--

Re: mod_ssl newbie question

am 17.03.2010 17:19:41 von howa

Thanks.


On Wed, Mar 17, 2010 at 11:13 PM, Mark Watts wrote:
> If you are hosting the same site on two machines, and load-balancing
> between the two, then yes; assuming your Certificate is licensed for two
> machines, you can use the same Key/Certificate pair on both machines.
>
> You would *not* create one Key for use with multiple CSR requests for
> different hostnames.
>

Your information is useful.

Thanks again.

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org