Question Import SSL Certificate from CA to AppServer

jamesmcfly

New Member
Hi all,

Currently we have a project that includes using a CA-signed SSL certificate. We received .ppk, .crt and .csr files from our client, which they acquired from GeoTrust. There was no .pk1 nor .pk10 file generated during the process.
I wonder if I can use this private key and certificate to import to the appserver so I can activate the AppServer with SSL using that private key and certificate.

I can import the certificate using certutil -import X.crt and I got the .0 file. But I still cannot generate the .pem file from the private key (and certificate) using the pkiutil -import command. I got this error: A private key for keystore entry <alias> does not exist

Inside the .ppk
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----

.crt
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

.csr
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----

It would be very helpful if someone can give me some directions.

Thank you

Christofer
 

jamesmcfly

New Member
Hi all,

I have tried the following:

I put the files in $DLC/keys, then renamed the .ppk file to a .pem file. I imported the certificate using pkiutil -import X X.crt. The .pem file now contains the private key and the certificate.

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
.....
-----END RSA PRIVATE KEY-----

-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

However I still got another error in the appserver.broker.log file that it fails: com.progress.ubroker.ssl.InvalidKeyException: Invalid private key input data.

Note: The private key in the .ppk is initially not encrypted (there is no "Proc-Type: 4,ENCRYPTED" header). I used an openssl function to add encryption to the private key, so that it has the encryption header.
 

RealHeavyDude

Well-Known Member
You need a PEM file - not PPK. Never had anything to do with PPK so I can't tell much about it. The PEM file must contain the private and public key and mine looks like this:

Code:
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,AE5B215F1F83959D
...
-----END RSA PRIVATE KEY-----

I've just copied it into the $DLC/key without any request and importing and we are fine. Probably you should look into converting PPK into PEM.
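
Added example (not part of any post above, and not Progress code): a small Python check that compares a PEM file's structure with the layout shown in the last reply, one certificate block plus an RSA private key block carrying the Proc-Type and DEK-Info encryption headers. It inspects block labels and headers only and does not decrypt or validate the key; the sample file contents and IV are constructed placeholders.

```python
import re

# Constructed sample mirroring the layout in the reply above; bodies are placeholders.
SAMPLE_PEM = """\
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0011223344556677

Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
"""

BLOCK_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)
HEADER_RE = re.compile(r"^([A-Za-z-]+):\s*(.+)$")

def parse_pem(text):
    """Return a list of (label, headers) for every PEM block in text."""
    blocks = []
    for label, body in BLOCK_RE.findall(text):
        headers = {}
        for line in body.splitlines():
            m = HEADER_RE.match(line.strip())
            if not m:
                break  # headers end at the first blank or base64 line
            headers[m.group(1)] = m.group(2)
        blocks.append((label, headers))
    return blocks

def check_layout(text):
    """List differences from: one certificate plus one encrypted RSA key."""
    blocks = parse_pem(text)
    labels = [label for label, _ in blocks]
    problems = []
    if "CERTIFICATE" not in labels:
        problems.append("no CERTIFICATE block")
    keys = [h for label, h in blocks if label == "RSA PRIVATE KEY"]
    if not keys:
        problems.append("no RSA PRIVATE KEY block")
    for h in keys:
        if h.get("Proc-Type") != "4,ENCRYPTED":
            problems.append("private key is not encrypted (no Proc-Type header)")
        elif "DEK-Info" not in h:
            problems.append("encrypted key lacks DEK-Info (cipher, IV) header")
    return problems
```

Calling check_layout() on the text of a .pem file returns an empty list when the structure matches, otherwise one message per difference.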
 