Re: [Sslproxy-users]updating Intermediate CA cert.
Brought to you by:
szilu
Menu
▾
▴
Re: [Sslproxy-users]updating Intermediate CA cert.
|
From: <bri...@hi...> - 2006-03-01 16:30:44
|
Quoting Szilard Hajba <sz...@sy...>: > On Mon, Feb 27, 2006 at 04:06:12PM -0500, bri...@hi... wrote: > > I was informed today I have to update the Intermediate CA certificates for > a > > server that has sslproxy running in front of port 443, I don't see anyway > to do > > this ... is this something that gets done on the HTTPD side instead of in > > ssl_proxy? > > > > I don't honestly understand all I'm reading, I don't really admin any https > > besides this server, so any help is appreciated. > > Hello! > > In SSL Proxy there is just one certificate file that contains all the > certificates it uses. If you want to update any of them, you should open it > with a text editor, delete the old one, replace with the new one and then > restart SSL Proxy. Make sure you make a backup copy before the change! :) > > If you had put the cert file together then you should know which cert you > want > to update in it. Ok I thought I had this sussed but I still can't get it working. I have edited my combined key and cert file with the newest intermediate CA and I get this error: Symbion SSL proxy 1.0.5 Using server: family=INET host=63.105.65.32 port=80 error reading private key: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch when I try to regenerate the host key: openssl pkcs12 -in wf_export_01062006.pfx -out wfkey030106.pem then edit the certificate in there then run: openssl rsa -in wfkey030106.pem -out wfcert030106.pem openssl x509 -in wfkey030106.pem >>wfcert030106.pem and run with wfcert020106.pem as args to -C -K switches I get the same error. I guess I must be doing something wrong but I can't for the life of me figure out what. If I don't edit wfkey020106.pem with the newer intermediate CA it works but Firefox always brings up a warning message about not being able to verify certificate. Any help is appreciated. brian > > Szilard > > -- > Szilard Hajba Symbion Ltd. > Phone: (+36)20/203-31-56 H-9028 Gyor, Uj u. 38. > ICQ: 12892911 E-Mail: sz...@sy... > Skype: hszilu > > > ------------------------------------------------------- > This SF.Net email is sponsored by xPML, a groundbreaking scripting language > that extends applications into web and mobile media. Attend the live webcast > and join the prime developer group breaking into this new coding territory! > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642 > _______________________________________________ > SSLproxy-users mailing list > SSL...@li... > https://lists.sourceforge.net/lists/listinfo/sslproxy-users > |
