Hi,
I'm trying to create a certificate to install in my Apache server or
Internet Information Services. I followed the steps at this
URL:
http://pki.fedoraproject.org/wiki/Apache_Cert_Enrollment
Some simple steps are listed here on how to proceed to enroll a server
certificate for an apache webserver with Dogtag.
*STEP ONE:* Generate a Key/CSR:
    openssl genrsa -des3 -out www.mydomain.com.key 1024
    openssl req -new -key www.mydomain.com.key -out www.mydomain.com.csr
Fill out all the prompts here, including
Country Name, State, Locality, Organization Name, Organizational Unit
Name, Common Name.
Sample CSR from the above commands:
*STEP TWO:* Submit this CSR to the "Server Certificate Enrollment"
profile of the Dogtag CA and get it approved.
*STEP THREE:* Download the Cert and the CA and get them installed in
apache.
I have problems in *step three*: when I click on the option "Import
Your Certificate" in the Dogtag Certificate Manager web console, I
receive the following message:
"This certificate cannot staff be installed Because you do not own the
Corresponding private key"
Searching on Google, I found this:
When I try to download my issued certificate, I get an “Accept in
PKCS7” error message.
If you are getting the “Error in accept PKCS7” message that means that
the Microsoft OS/Internet Explorer cannot find the private key(s) for
those certificates. (Please note that this does not necessarily mean
that the private key(s) are not there, just that the MS system cannot
find them.)
This happens because:
- the request was done under a different log-in profile (you are logged
  on under a different username/password) than when the request was made
- or the request was made with a different browser (for example, Firefox)
- or the request was made on a different computer than the one you are
  trying to import it on
- or something was done to the machine (like an update to the operating
  system -- a Windows update, profile change, computer re-imaged, etc.)
You will only be able to import the issued certificate onto the same
computer, same log-in profile, and using the same web browser as when
you made the on-line request. (i.e. as when you got the “Print this
form” web page).
Well now, I have the certificate in Base 64 format. The Dogtag console
shows me the following information:
Installing this certificate in a server
The Following format can be used to install this certificate into a
server.
Base 64 encoded certificate
In this picture I deleted some lines deliberately, but my certificate
is complete.
Base 64 encoded certificate with CA certificate chain in pkcs7 format
In this picture I deleted some lines deliberately, but my certificate
is complete.
Well now, what do I do with this information? How do I generate my
certificate from this plain format, since my web browser does not allow
me to import the certificate from the console?
How can I generate my certificate from the command line?
How can I generate my certificates in .cer, .crt, .pfx, .p12?
What format should I use?
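
The pairing between private key and certificate that the import error refers to, and the conversion of the Base 64 and PKCS#7 downloads into .crt and .pfx files, as an added example that is not part of the original post. The file names, the export password and the self-signed certificate standing in for the Dogtag-issued one are assumptions.

```shell
#!/bin/sh
# Added example. File names and the password are constructed; a self-signed
# certificate stands in for the one Dogtag issues, so this runs offline.
set -eu

# Succeeds only when the certificate carries the public key of the given private key.
key_matches() {  # $1 = private key (PEM), $2 = certificate (PEM)
  k=$(openssl pkey -in "$1" -pubout) || return 1
  c=$(openssl x509 -in "$2" -noout -pubkey) || return 1
  [ "$k" = "$c" ]
}

# The "with CA certificate chain in pkcs7 format" text, saved to a file -> PEM certs.
pkcs7_to_pem() {  # $1 = PKCS#7 file (PEM), $2 = output PEM bundle
  openssl pkcs7 -in "$1" -print_certs -out "$2"
}

# Bundle key + certificate as PKCS#12 (.pfx/.p12); refuses a mismatched pair.
make_pfx() {  # $1 = key, $2 = cert, $3 = output file, $4 = export password
  key_matches "$1" "$2" || { echo "certificate does not match $1" >&2; return 1; }
  openssl pkcs12 -export -inkey "$1" -in "$2" -out "$3" -passout "pass:$4"
}

# Constructed run. Unlike the post's commands, the key has no passphrase (so
# nothing prompts) and is 2048-bit.
demo() {  # $1 = scratch directory
  d=$1
  openssl genrsa -out "$d/site.key" 2048 2>/dev/null
  openssl req -new -key "$d/site.key" -subj "/CN=www.example.test" -out "$d/site.csr"
  # Stand-in for the issued "Base 64 encoded certificate" (a .crt/.cer file).
  openssl x509 -req -in "$d/site.csr" -signkey "$d/site.key" -days 1 \
    -out "$d/site.crt" 2>/dev/null
  # Stand-in for the PKCS#7 download, then back to PEM and into a .pfx.
  openssl crl2pkcs7 -nocrl -certfile "$d/site.crt" -out "$d/site.p7b"
  pkcs7_to_pem "$d/site.p7b" "$d/chain.pem"
  make_pfx "$d/site.key" "$d/chain.pem" "$d/site.pfx" "changeit"
  # A key generated somewhere else never pairs with this certificate.
  openssl genrsa -out "$d/other.key" 2048 2>/dev/null
}

work=$(mktemp -d)
demo "$work"
echo "PKCS#12 bundle: $work/site.pfx"
```

The Base 64 block saved to a file is already a usable .crt/.cer for Apache alongside the .key file; the .pfx/.p12 bundle is the form that carries key and certificate together.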