httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andy Buckley <Andy.Buck...@durham.ac.uk>
Subject Re: [users@httpd] Certificates and keys
Date Wed, 21 Jun 2006 20:16:24 GMT
Savage, Robert CTR USTRANSCOM J6 wrote:
> Thanks very much for the pointer. Now I must ask one last (and very
> ignorant) question: Do the following results really say that server.key
> doesn't go with server.cert?
> 
> $ openssl x509 -noout -text -in server.cert | openssl md5
> fc68929f3a1863b9f8870ea38a3c84cc
> 
> $ openssl rsa -noout -modulus -in server.key | openssl md5
> Enter pass phrase for server.key:
> c4f9ce1f4d8291507da0aaa805cab3fd
> 
> $ openssl req -noout -modulus -in ../server.csr | openssl md5
> c4f9ce1f4d8291507da0aaa805cab3fd
> 
> I ask this question because I have several subdirectories each supposedly
> containing master copies of the server.cert and server.key files for our
> web servers. I've repeated the above sequence in each of those
> subdirectories with similar results: the server.key and server.csr files
> share common MD5s, but the server.cert file does not.
> 
> If they should all have a common md5, then I believe I'll have to replace
> all my certificates. Bummer.

My understanding is that, yes, your keys and certificates don't match and 
you'll have to replace the certificates. However, I'm by no means an (Open)SSL 
expert, so maybe someone who is can offer a more rounded explanation...

Andy

-- 
Dr Andy Buckley: CEDAR @ IPPP, Durham
Work: www.cedar.ac.uk
www.insectnation.org

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message