Got it! Procedure: 1. Export the certificate from IIS as a .pfx file: Properties of the web site->Directory Security -> View Certificate -> Details -> Copy to file -> Next -> Export the private key + Next -> Next -> blank password + next -> <hostname> + next -> Finish This creates file <hostname>.pfx with the certificate and the private key. 2. openssl pkcs12 -in <hostname>.pfx -out <hostname>.pem -nodes 3. openssl rsa -in <hostname>.pem -out <hostname>.key <hostname>.key is the file I was after. 4. To get the "chain of trust" from the CA*.crt files supplied by the CA: openssl x509 -in CA01.crt -text > trust_bundle.pem openssl x509 -in CA02.crt -text >> trust_bundle.pem openssl x509 -in CA03.crt -text >> trust_bundle.pem ... 5. httpd.conf: <VirtualHost <hostname>:443> servername <hostname> SSLEngine On SSLCACertificateFile conf/ssl/trust_bundle.pem SSLCertificateFile conf/ssl/<hostname>.crt SSLCertificateKeyFile conf/ssl/<hostname>.key </VirtualHost> I hope this will be helpful to somebody. Regards Vesselin --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|