See manual for "openssl x509". Use "-inform DER" and "-outform PEM". Think, it helps.
Regards, Steffen > -----Ursprüngliche Nachricht----- > Von: Craig A Lewis [SMTP:[EMAIL PROTECTED]] > Gesendet am: Donnerstag, 28. Februar 2002 19:17 > An: [EMAIL PROTECTED]; [EMAIL PROTECTED] > Betreff: Can I convert Apache Mod SSL cert to PEM format? > > > Hello, > > I am running imap2001a and using openssl 0.96b on Sun Solaris 2.8. I have > generated a self signed cert using the method described in the openssl > SSLBUILD > document > > The following command to openssl can be used to create a self-signed > certificate with a 10-year expiration: > req -new -x509 -nodes -out imapd.pem -keyout imapd.pem -days 3650 > > This works, or at least a user can connect with netscape to the imaps > port and get their mail. > > I have recently purchased a cert from thawte for our apache server. > i.e. it is an apache mod ssl certificate named domainname.crt. Our > imap server is on the same sun as the apache server. The people say > I can use this cert that I purchased with imap (when I asked them.) > They tell me to convert it like this.... > > ===================================================== > > > If you need a certificate with the private key contained in it (this > isn't a PEM format...) you can bundle the cert and key into a .p12 > file using the following openssl command: > > openssl pkcs12 -export -out cert.p12 -inkey yourkey.key > -in yourcert.crt > ======================================================= > > I can do this, but this creates what looks to me like a binary output > file. > The open ssl documentation says the private key must not be encrypted. > I have tried to read the documenation and figure out the right way to do > all this. I have also searched the archives, and ... and well ... I am > just not > figuring this out. > > Can I even do what I am trying to do? (am I attempting the impossible? ) > Can anyone tell me how to convert my thawte certificate for apache mod > ssl to a PEM format imapd.pem certificate containing a private key > that is not encrypted? (my private key is encrypted.) > > > -- > _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ > [_X_X_X_X_X_X_X_X_X_X_X_X_X_X_X_X_X_X_X_X_X_X_X_X_X_X_X_] > > Craig Lewis 505 277 6068 [EMAIL PROTECTED] > UNIVERSITY OF NEW MEXICO MATHEMATICS AND STATISTICS > COMPUTER SYSTEMS SUPPORT > Humanities Building Office 415 > Albuquerque, NM 87131 > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
