• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Problems with Selfsigned SSL

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Publishing] >> Web Publishing >> Problems with Selfsigned SSL Page: [1]
Login
Message << Older Topic   Newer Topic >>
Problems with Selfsigned SSL - 14.Aug.2009 3:47:18 AM   
morthez

 

Posts: 1
Joined: 14.Aug.2009
Status: offline
Hi,

I'm having some troubles publishing several site on a Apache server, via SSL. The real problems is actually that i can't seem to import the private-key with the certificate i generated on the web-server using OpenSSL.

The basic layout:

Sites (that is going to use SSL):

  • domain1.com / 192.168.1.11
  • domain2.com / 192.168.1.12
  • admin.domain3.net / 192.168.1.13
  • domain4.org / 192.168.1.14



I have generated the certificates using OpenSSL on the Web-server. But when i import the certificates into the certificate store, it dose not contain the private-key. However, I've tryed to copy/paste the privatekey into the certificate file (got this tip by some friends) but it did not work as intended. When I try to create a new web-listener for the SSL. I can't select the certificate. but if I remove the "show valid certificates only" I can see it. The error on the certificate is: "Private Key not installed".

Any suggestions on how i can solve this? The reason I want to using selfsigned certs, is because its purely for the admin-parts of the website, all other content is going to be transferred using HTTP.

Best regards,
Marius

EDIT: updated with a picture instead of the formating of text.

< Message edited by morthez -- 14.Aug.2009 4:08:17 AM >
Post #: 1
RE: Problems with Selfsigned SSL - 15.Aug.2009 3:42:49 PM   
ClintD

 

Posts: 1848
Joined: 26.Jan.2001
From: Keller, TX
Status: offline
I use OpenSSL for a bunch of certificates in our environment so I know this works. what command are you using to export the cert and private key from the CA?

This is the command I run... assuming you're in the apps directory of OpenSSL - mine is /usr/local/openssl/openssl-0.9.8h/apps

Certificates go into the /usr/local/openssl/openssl-0.9.8h/apps/cer directory
Private Keys go into /usr/local/openssl/openssl-0.9.8h/apps/keys directory

./openssl pkcs12 -export -in certs/www.clintd.com.cer -inkey keys/www.clintd.com.key -out certs/www.clintd.com.p12

This exports them into a PKCS12 formatted file with the cert and key combined and will prompt you to provide an export password. I've never tried appending the private key into the certificate file - based on what you're saying, Windows apparently doesn't recognize it this way (Captain Obvious here), but it does recognize the P12 format.

Not sure how you transfer these off, but I FTP them - make sure you use BINary mode.

< Message edited by ClintD -- 15.Aug.2009 8:11:43 PM >

(in reply to morthez)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Publishing] >> Web Publishing >> Problems with Selfsigned SSL Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts