I'm having some trouble publishing several sites on an Apache server via SSL. The real problem is actually that I can't seem to import the private key with the certificate I generated on the web server using OpenSSL.
The basic layout: Sites (that are going to use SSL):
domain1.com / 192.168.1.11
domain2.com / 192.168.1.12
admin.domain3.net / 192.168.1.13
domain4.org / 192.168.1.14
I have generated the certificates using OpenSSL on the web server. But when I import the certificates into the certificate store, it does not contain the private key. However, I've tried to copy/paste the private key into the certificate file (got this tip from some friends) but it did not work as intended. When I try to create a new web listener for the SSL, I can't select the certificate, but if I remove the "show valid certificates only" I can see it. The error on the certificate is: "Private Key not installed".
Any suggestions on how I can solve this? The reason I want to use self-signed certs is because it's purely for the admin parts of the website; all other content is going to be transferred using HTTP.
Best regards, Marius
EDIT: updated with a picture instead of the formatting of text.
< Message edited by morthez -- 14.Aug.2009 4:08:17 AM >
I use OpenSSL for a bunch of certificates in our environment so I know this works. What command are you using to export the cert and private key from the CA?
This is the command I run... assuming you're in the apps directory of OpenSSL - mine is /usr/local/openssl/openssl-0.9.8h/apps
Certificates go into the /usr/local/openssl/openssl-0.9.8h/apps/cer directory.
Private Keys go into the /usr/local/openssl/openssl-0.9.8h/apps/keys directory.
This exports them into a PKCS12 formatted file with the cert and key combined and will prompt you to provide an export password. I've never tried appending the private key into the certificate file - based on what you're saying, Windows apparently doesn't recognize it this way (Captain Obvious here), but it does recognize the P12 format.
Not sure how you transfer these off, but I FTP them - make sure you use BINary mode.
< Message edited by ClintD -- 15.Aug.2009 8:11:43 PM >
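The PKCS12 export described in the reply above, as an added example that is not the poster's own command: it bundles a certificate and key into a .p12 and confirms the bundle really carries the matching private key before it is moved to Windows. The function names, file names, friendly name and the `P12_PASS` variable are assumptions made for this sketch, and the certificate is a constructed throwaway.

```shell
#!/bin/sh
# Added example. File names, friendly name and password are constructed.

# Public key (PEM) embedded in a certificate; empty on error.
cert_pub() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Public key (PEM) derived from a private key file; empty on error.
key_pub() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# True only when both public keys are non-empty and identical.
same_pub() { [ -n "$1" ] && [ "$1" = "$2" ]; }

# make_p12 CERT KEY OUT
# Refuses to bundle a key that does not belong to the certificate.
# The export password comes from $P12_PASS so it stays off the command line.
make_p12() {
    same_pub "$(cert_pub "$1")" "$(key_pub "$2")" || {
        echo "make_p12: $2 is not the key for $1" >&2; return 1; }
    openssl pkcs12 -export -in "$1" -inkey "$2" -out "$3" \
        -name "constructed-demo" -passout env:P12_PASS
}

# p12_has_key P12 CERT
# Extracts the key from the bundle and checks it against the certificate,
# which is what the Windows store needs to avoid "Private Key not installed".
p12_has_key() {
    pub=$(openssl pkcs12 -in "$1" -nocerts -nodes -passin env:P12_PASS 2>/dev/null |
          openssl pkey -pubout 2>/dev/null) || return 1
    same_pub "$pub" "$(cert_pub "$2")"
}

# Demo on a throwaway self-signed certificate (constructed sample data).
demo() {
    d=$(mktemp -d) || return 1
    P12_PASS='constructed-demo-pass'; export P12_PASS
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=admin.domain3.net" \
        -keyout "$d/site.key" -out "$d/site.cer" 2>/dev/null || return 1
    make_p12 "$d/site.cer" "$d/site.key" "$d/site.p12" || return 1
    p12_has_key "$d/site.p12" "$d/site.cer" && echo "site.p12: certificate + matching key"
    rc=$?
    rm -rf "$d"
    return $rc
}
demo
```

A .p12 that fails `p12_has_key` will import as a certificate without a key, which is the state the original question describes.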