I'm at home now so I'll do this in the morning
I did get a self signed certificate to work on WinNT/Apache after
I removed the passphrase.
Regards
Tmo
At 7/5/00 11:49 AM, you wrote:
>Yes, this seems a bit odd indeed... just out of curiosity, would you include
>your httpd.conf file, or at least the section with the SSL stuff
>----- Original Message -----
>From: "Tom Nunamaker" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Sent: Wednesday, July 05, 2000 11:32 AM
>Subject: Re: FAQ etc
>
>
>I opened the .crt file in Windows without errors and could see
>everything in the certificate.
>
>I'm about to give up on this....
>
>
>
>Joacim T�g wrote:
> >
> > If you look at the certificate in Windows, using the windows explorer for
> > example, by double clicking on the .crt file, does it show it as a valid
> > certificate. Meaning, does it open a certificate window with details about
> > the certificate?
> >
> > What confuses me is why it says:
> > > > Init: Unable to read server certificate from file
> > > > c:/apache/conf/853c.key
> >
> > Why does it complain about the .key file? Do you have a key file for the
> > cert?
> >
> > Joacim
> >
> > ----- Original Message -----
> > From: "Tom Nunamaker" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Wednesday, July 05, 2000 9:15 AM
> > Subject: Re: FAQ etc
> >
> > Yes, I updated the httpd.conf file to point to the correct
> > files. When I point Apache to the old certificate, it's OK.
> > The new one blows up.
> >
> > Tom
> >
> > Joacim T�g wrote:
> > >
> > > Have you changed this line in your httpd.conf file:
> > >
> > > SSLCertificateFile "C:/Program Files/OpenSA/Apache/conf/ssl.crt/xxx.crt"
> > >
> > > It has to point at the *.crt file that you have somewhere.
> > >
> > > joacim
> > >
> > > ----- Original Message -----
> > > From: "Tom Nunamaker" <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>
> > > Sent: Friday, June 30, 2000 2:43 PM
> > > Subject: Re: FAQ etc
> > >
> > > > I'm very frustrated trying to get a certificate to work on my
> > > > server. I don't care if it's signed by a CA or not. The DoD
> > > > PKI office signed one for me but I get errors when I try to use it.
> > > > I can view the CA's certificate with:
> > > >
> > > > openssl x509 -noout -text -in ca.crt
> > > >
> > > > but Apache complains with this:
> > > >
> > > > Init: Unable to read server certificate from file
> > > > c:/apache/conf/853c.key (OpenSSL library error follows)
> > > > OpenSSL: error:0D09F007:asn1 encoding routines:d2i_x509:expecting an
> > > > asn1 sequence
> > > >
> > > >
> > > > Does that mean the CA can't sign a certificate OpenSSL will be happy
> > > > with? Do I
> > > > have to use Netscape's server?
> > > >
> > > > Can I sign my own key file? I have the one I sent to the DoD PKI
>office
> > > > but I
> > > > can't find anywhere that tells me the OpenSSL command(s) to self sign
>a
> > > > certificate.
> > > > I've seen refereces to "Use the CA.pl that comes with OpenSSL" There
>is
> > > > not CA.PL
> > > > with the OpenSA distribution. <sigh>
> > > >
> > > > Anyone have step-by-step instructions for self signing a certificate
>and
> > > > getting it to
> > > > work on NT with Apache?
> > > >
> > > > Thanks
> > > >
> > > > Tom Nunamaker
> > > > [EMAIL PROTECTED]
> > > >
> > > >
> > > >
> > > >
> > > > "Daniel S. Reichenbach" wrote:
> > > > >
> > > > > > Are there any plans for an OpenSA FAQ or something? I've had
> > > > > > an awful lot
> > > > > > of people seeing my mod_perl notes running searches on things
> > > > > > like ASP,
> > > > > > PHP, mod_*, EAPI, and my site carries nothing about these topics.
> > > > > Would be good, but i don`t have the time to do it right now. If
> > > > > someone volunteers, to start one...
> > > > >
> > > > > /me
> > > > > --
> > > > > Institut Ingenium GmbH
> > > http://www.ingenium.de/
> > > > > Daniel Reichenbach
> > > [EMAIL PROTECTED]
