> -----Original Message----- > From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list- > bounces@xxxxxxxxxx] On Behalf Of Chris W. Parker > Sent: Monday, July 25, 2005 11:26 PM > To: redhat-list@xxxxxxxxxx > Subject: How to import a PFX file from IIS to Apache? > > Hello, > > I'm trying to move one of my certificates from Windows to Linux. I've > already created the pem file on the Linux machine with: > > openssl pkcs12 -in site.pfx -out site.pem > > What do I do next to get it installed? > > I've searched OpenSSL's mailing list archives, this mailing list, > google, as well as Verisign's website without any luck. > > I'm sure this is going to be a simple answer I just haven't been able to > find it yet. > > > Thanks, > Chris. > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list The PEM file you created contains the server certificate (and intermediate certificates, if any, in certificate chain between your certificate and root certificate) and private key (which may be encrypted, unless you remove the encryption specifying '-nodes' option to 'openssl pkcs12') corresponding to your certificate. The certificates are delimited by the lines 'BEGIN CERTIFICATE' and 'END CERTIFICATE', the private key is between lines 'BEGIN RSA PRIVATE KEY' and 'END RSA PRIVATE KEY' (there may be shown other algorithm name instead of RSA if your certificate and key is not the RSA ones). Before the certificates in that file are included strings in which the issuer and subject names are shown, so you can find specific certificates in the chain. You can split the PEM file converted from .pfx into the files needed for Apache using any text editor. Put the parts of the file containing intermediate certificates (including the BEGIN and END lines) into separate file pointed to by Apache configuration file directive SSLCertificateChainFile. Put the part containing your server's certificate (including the BEGIN and END lines) into separate file pointed to by directive SSLCertificateFile. Put the private key part of the PEM file (including the BEGIN and END lines) into separate file pointed to by SSLCertificateKeyFile. Alternatively, you can add it in the file with yor server's certificate, in this case the directive SSLCertificateKeyFile should not be used. However, the practice of having certificate and key in the sane file is strongly discouraged. Alexey Fadyushin Brainbench MVP for Linux http://www.brainbench.com -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
