Unfortunately, I'm dealing with an HP Proliant server. Specifically the iLO interface which is a backend management device embeded in the server.
This device has it's own SSL cert from the factory. With the latest rounds of updates from Firefox, that browser now complains "my certificate contains the same serial number as issued by another authority" and will not allow you to continue. The "stupid" HP iLO software will generate a CSR for you, but it only uses the server name and does not append the domain part of the iLO configuration settings. Also, the server name setting does not allow you to enter the . character. The CSR generator stores the private key somewhere inside it's storage, but there is no way to access it. Only the iLO software can see it. Since the commercial certs force you to use a FQDN, I had to try and generate my own cert, but without the private key. I think I understand now. I make my own CA setup and issue my own certs. Correct? Thanks, Chuck Graham Leggett wrote: > > carock wrote: > > A deeper question though is why you would want to give a server a name > that isn't a FQDN, even a private one such as "serverfoo.local". > > Where are you getting the CSR from if you don't have a private key? > > Regards, > Graham > -- > > > -- View this message in context: http://www.nabble.com/self-signed-cert-without-private-key-file-tp22609395p22624625.html Sent from the OpenSSL - User mailing list archive at Nabble.com. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org