SSL Certificates

Discussion in 'General' started by guimnk, Apr 23, 2011.

  1. guimnk

    guimnk Member

    Hi all!

    I've a PFX certificate and I need to use in apache.

    I'm trying with this commands:

    To generate keys:
    [email protected]:/home/guilherme/Desktop/ssl# openssl pkcs12 -in -out
    Enter Import Password:
    MAC verified OK
    Enter PEM pass phrase:
    Verifying - Enter PEM pass phrase:
    [email protected]:/home/guilherme/Desktop/ssl# openssl x509 -in -out
    [email protected]:/home/guilherme/Desktop/ssl# openssl rsa -in -out
    Enter pass phrase for
    writing RSA key
    [email protected]:/home/guilherme/Desktop/ssl# openssl req -new -key -out
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    Country Name (2 letter code) [AU]:BR
    State or Province Name (full name) [Some-State]:SAO PAULO
    Locality Name (eg, city) []:SAO JOSE DO RIO PRETO
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:E C DUARTE ME
    Organizational Unit Name (eg, section) []:AUTO PECAS
    Common Name (eg, YOUR name) []
    Email Address []:[email protected]
    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:
    [email protected]:/home/guilherme/Desktop/ssl# ls
    Apache entries (/etc/apache2/sites-enabled/
        SSLEngine on
        SSLCertificateFile /var/www/clients/client20/web33/ssl/
        SSLCertificateKeyFile /var/www/clients/client20/web33/ssl/
    But, when I try to test in browser, I get the message:

    How can I do to fix it??

  2. NdK

    NdK Member[email protected]/msg01566.html might contain useful infos.
    Usually, when submitting a csr to a CA, only your public key is kept. All other fields and extensions are replaced with "authorized" ones (or you could generate valid certs for every site, even if not yours).

Share This Page