SSL Certificates

Discussion in 'General' started by guimnk, Apr 23, 2011.

  1. guimnk

    guimnk Member

    Hi all!

    I've a PFX certificate and I need to use in apache.

    I'm trying with this commands:

    To generate keys:
    Code:
    [email protected]:/home/guilherme/Desktop/ssl# openssl pkcs12 -in mydomain.com.br.pfx -out mydomain.com.br.pem
    Enter Import Password:
    MAC verified OK
    Enter PEM pass phrase:
    Verifying - Enter PEM pass phrase:
    [email protected]:/home/guilherme/Desktop/ssl# openssl x509 -in mydomain.com.br.pem -out mydomain.com.br.crt
    [email protected]:/home/guilherme/Desktop/ssl# openssl rsa -in mydomain.com.br.pem -out mydomain.com.br.key
    Enter pass phrase for mydomain.com.br.pem:
    writing RSA key
    [email protected]:/home/guilherme/Desktop/ssl# openssl req -new -key mydomain.com.br.key -out mydomain.com.br.csr
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:BR
    State or Province Name (full name) [Some-State]:SAO PAULO
    Locality Name (eg, city) []:SAO JOSE DO RIO PRETO
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:E C DUARTE ME
    Organizational Unit Name (eg, section) []:AUTO PECAS
    Common Name (eg, YOUR name) []:mydomain.com.br
    Email Address []:[email protected]
    
    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:
    [email protected]:/home/guilherme/Desktop/ssl# ls
    mydomain.com.br.crt  mydomain.com.br.csr  mydomain.com.br.key  mydomain.com.br.pem  mydomain.com.br.pfx
    
    Apache entries (/etc/apache2/sites-enabled/mydomain.com.br.vhost):
    Code:
        SSLEngine on
        SSLCertificateFile /var/www/clients/client20/web33/ssl/mydomain.com.br.crt
        SSLCertificateKeyFile /var/www/clients/client20/web33/ssl/mydomain.com.br.key
    
    But, when I try to test in browser, I get the message:

    Code:
    sec_error_inadequate_cert_type
    
    How can I do to fix it??

    Thanks
     
  2. NdK

    NdK Member

    http://www.mail-archive.com/[email protected]/msg01566.html might contain useful infos.
    Usually, when submitting a csr to a CA, only your public key is kept. All other fields and extensions are replaced with "authorized" ones (or you could generate valid certs for every site, even if not yours).
     

Share This Page