Savage, Robert CTR USTRANSCOM J6 wrote:
Thanks very much for the pointer. Now I must ask one last (and very ignorant) question: Do the following results really say that server.key doesn't go with server.cert? $ openssl x509 -noout -text -in server.cert | openssl md5 fc68929f3a1863b9f8870ea38a3c84cc $ openssl rsa -noout -modulus -in server.key | openssl md5 Enter pass phrase for server.key: c4f9ce1f4d8291507da0aaa805cab3fd $ openssl req -noout -modulus -in ../server.csr | openssl md5 c4f9ce1f4d8291507da0aaa805cab3fd I ask this question because I have several subdirectories each supposedly containing master copies of the server.cert and server.key files for our web servers. I've repeated the above sequence in each of those subdirectories with similar results: the server.key and server.csr files share common MD5s, but the server.cert file does not. If they should all have a common md5, then I believe I'll have to replace all my certificates. Bummer.
My understanding is that, yes, your keys and certificates don't match and you'll have to replace the certificates. However, I'm by no means an (Open)SSL expert, so maybe someone who is can offer a more rounded explanation...
Andy -- Dr Andy Buckley: CEDAR @ IPPP, Durham Work: www.cedar.ac.uk www.insectnation.org --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|