May 14

SSL Joys

The nice thing about standards is that there are so many of them to choose from. Andrew S. Tanenbaum

I’ve been working with a Apache proxy to force SSL and https.  Well, I haven’t had any control over the certificates.  And they can come in so many versions, especially given that Microsoft wants to do things its own way and the Apache web server instance is sitting on a windows virtual instance.

I’ve gotten the private key in two different formats, .pfx and .pvk.

.pfx can be converted to the pem file format which Apache is expecting via the following:

openssl pkcs12 -nodes -in infile.pfx -out out.pem

You then need to edit it, stripping out everything but the private key.  Once that’s accomplished you’re good to go.

.pvk, however, isn’t supported in openssl until version 1.0.  Joy!

Enhanced by Zemanta

Leave a Reply