[英]mod_nss with Apache public Certificate issue
I have replaced mod_ssl
with mod_nss
for FIPS
cryptography and it works great with Apache
but now we have wildcard certificate which i want to import into NSS database but i don't know how do i import certificate private key
? 我已经用
mod_nss
替换了mod_ssl
进行FIPS
加密,它在Apache
很好用,但是现在我们有了通配符证书,我想将其导入NSS数据库,但是我不知道如何导入证书private key
?
I am using following command 我正在使用以下命令
certutil -A -d /etc/httpd/alias/ -n "GlobalSign" -t "CT,," -a -i wildcard_domain.crt
How do i import private key? 如何导入私钥? or is there something i am missing?
还是我想念的东西?
[root@web01 ~]# certutil -L -d /etc/httpd/alias
Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI
cacert CTu,Cu,Cu
Server-Cert u,u,u
GlobalSign-Intermediate CT,,
GlobalSign CTu,u,u
alpha
u,pu,u
Convert crt file in PEM format 转换CRT文件为PEM格式
openssl x509 -inform PEM -in ./ssl.crt/example.com.GlobalSign-2010.crt > /root/example.com.GlobalSign-2010.pem
openssl x509 -inform PEM -in ./ssl.crt/intermediate.GlobalSign.crt > /root/intermediate.GlobalSign.crt.pem
cat /root/example.com.GlobalSign-2010.pem /root/intermediate.GlobalSign.crt.pem > /root/example.com-GlogalSign-2010.pem
openssl pkcs12 -export -in example.com-GlogalSign-2010.pem -inkey ./ssl.key/example.com.GlobalSign.key -out /root/example.com-Globalsign.p12 -name Example-GlobalSign
pk12util -i /root/example.com-Globalsign.p12 -d /etc/httpd/alias
You can verify your certificate using following command 您可以使用以下命令来验证您的证书
certutil -L -d /etc/httpd/alias -n Example-GlobalSign
Notes: put Example-GlobalSign
nickname in nss.conf config file and Voila!! 注意:将
Example-GlobalSign
昵称放在nss.conf配置文件中,瞧!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.