SSL Certificates

Discussion in 'General' started by guimnk, Apr 23, 2011.

  1. guimnk

    guimnk Member

    Hi all!

    I've a PFX certificate and I need to use in apache.

    I'm trying with this commands:

    To generate keys:
    Code:
    [email protected]:/home/guilherme/Desktop/ssl# openssl pkcs12 -in mydomain.com.br.pfx -out mydomain.com.br.pem
    Enter Import Password:
    MAC verified OK
    Enter PEM pass phrase:
    Verifying - Enter PEM pass phrase:
    [email protected]:/home/guilherme/Desktop/ssl# openssl x509 -in mydomain.com.br.pem -out mydomain.com.br.crt
    [email protected]:/home/guilherme/Desktop/ssl# openssl rsa -in mydomain.com.br.pem -out mydomain.com.br.key
    Enter pass phrase for mydomain.com.br.pem:
    writing RSA key
    [email protected]:/home/guilherme/Desktop/ssl# openssl req -new -key mydomain.com.br.key -out mydomain.com.br.csr
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:BR
    State or Province Name (full name) [Some-State]:SAO PAULO
    Locality Name (eg, city) []:SAO JOSE DO RIO PRETO
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:E C DUARTE ME
    Organizational Unit Name (eg, section) []:AUTO PECAS
    Common Name (eg, YOUR name) []:mydomain.com.br
    Email Address []:[email protected]
    
    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:
    [email protected]:/home/guilherme/Desktop/ssl# ls
    mydomain.com.br.crt  mydomain.com.br.csr  mydomain.com.br.key  mydomain.com.br.pem  mydomain.com.br.pfx
    
    Apache entries (/etc/apache2/sites-enabled/mydomain.com.br.vhost):
    Code:
        SSLEngine on
        SSLCertificateFile /var/www/clients/client20/web33/ssl/mydomain.com.br.crt
        SSLCertificateKeyFile /var/www/clients/client20/web33/ssl/mydomain.com.br.key
    
    But, when I try to test in browser, I get the message:

    Code:
    sec_error_inadequate_cert_type
    
    How can I do to fix it??

    Thanks
     
  2. NdK

    NdK Member

Share This Page