SSL Certificates

Discussion in 'General' started by guimnk, Apr 23, 2011.

  1. guimnk

    guimnk Member

    Hi all!

    I have a PFX certificate and I need to use it in Apache.

    I'm trying with these commands:

    To generate keys:
    Code:
    root@macromind:/home/guilherme/Desktop/ssl# openssl pkcs12 -in mydomain.com.br.pfx -out mydomain.com.br.pem
    Enter Import Password:
    MAC verified OK
    Enter PEM pass phrase:
    Verifying - Enter PEM pass phrase:
    root@macromind:/home/guilherme/Desktop/ssl# openssl x509 -in mydomain.com.br.pem -out mydomain.com.br.crt
    root@macromind:/home/guilherme/Desktop/ssl# openssl rsa -in mydomain.com.br.pem -out mydomain.com.br.key
    Enter pass phrase for mydomain.com.br.pem:
    writing RSA key
    root@macromind:/home/guilherme/Desktop/ssl# openssl req -new -key mydomain.com.br.key -out mydomain.com.br.csr
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:BR
    State or Province Name (full name) [Some-State]:SAO PAULO
    Locality Name (eg, city) []:SAO JOSE DO RIO PRETO
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:E C DUARTE ME
    Organizational Unit Name (eg, section) []:AUTO PECAS
    Common Name (eg, YOUR name) []:mydomain.com.br
    Email Address []:[email protected]
    
    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:
    root@macromind:/home/guilherme/Desktop/ssl# ls
    mydomain.com.br.crt  mydomain.com.br.csr  mydomain.com.br.key  mydomain.com.br.pem  mydomain.com.br.pfx
    
    Apache entries (/etc/apache2/sites-enabled/mydomain.com.br.vhost):
    Code:
        SSLEngine on
        SSLCertificateFile /var/www/clients/client20/web33/ssl/mydomain.com.br.crt
        SSLCertificateKeyFile /var/www/clients/client20/web33/ssl/mydomain.com.br.key
    
    But, when I try to test in browser, I get the message:

    Code:
    sec_error_inadequate_cert_type
    
    How can I fix it?

    Thanks
     
  2. NdK

    NdK Member

    http://www.mail-archive.com/[email protected]/msg01566.html might contain useful info.
    Usually, when submitting a CSR to a CA, only your public key is kept. All other fields and extensions are replaced with "authorized" ones (or you could generate valid certs for every site, even if not yours).
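
Firefox raises sec_error_inadequate_cert_type when a certificate's type is not approved for the way it is being used. The script below is an added example, not part of either post: it checks that a certificate extracted from a PFX is accepted by OpenSSL for TLS server use and that it matches the extracted private key. The function names, temporary files and the two self-signed test certificates are constructed for illustration, and that the certificate's permitted usage is the cause in this thread is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread. Helper and file names are hypothetical.

# Exit 0 if OpenSSL's purpose check accepts CERT as a TLS server certificate.
cert_allows_tls_server() {
    openssl x509 -in "$1" -noout -purpose 2>/dev/null |
        grep -q '^SSL server : Yes'
}

# Exit 0 if the private key and the certificate carry the same public key.
key_matches_cert() {
    kpub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# Build a constructed self-signed test certificate whose only extension is the
# given extendedKeyUsage. Writes DIR/NAME.key and DIR/NAME.crt.
make_test_cert() {   # usage: make_test_cert DIR NAME EKU
    cat > "$1/$2.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
x509_extensions = ext
[dn]
CN = example.test
[ext]
extendedKeyUsage = $3
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/$2.cnf" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# Report on one key/certificate pair, e.g. the .key and .crt taken from a PFX.
check_pair() {       # usage: check_pair KEY CERT
    key_matches_cert "$1" "$2" || { echo "key does not match certificate"; return 1; }
    cert_allows_tls_server "$2" || { echo "certificate not valid for TLS server use"; return 1; }
    echo "ok for TLS server use"
}

tmp=$(mktemp -d)
make_test_cert "$tmp" server serverAuth   # constructed: server certificate
make_test_cert "$tmp" client clientAuth   # constructed: client-only certificate
check_pair "$tmp/server.key" "$tmp/server.crt"
check_pair "$tmp/client.key" "$tmp/client.crt" || true
```

On real files, call `check_pair` with the paths given to `SSLCertificateKeyFile` and `SSLCertificateFile`; the key must be unencrypted or the passphrase prompt will appear.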
     
