Web Hosting Talk

Q for Ensim users - move existing SSL cert to an Ensim box


TMX
05-08-2002, 10:40 PM
Hi,


I've been told by several different people that in order to move an existing SSL cert to an Ensim box, I simply have to import the cert and original key through Site Administrator. However, that method would not work for me unless I also copied the server.key from my old machine to the directory
/home/virtual/site1/fst/etc/httpd/conf/ssl.key/
on the Ensim box. Until I did that, I kept getting an error message stating something to the effect of my key not matching the server key.

I'm perfectly fine with doing it my way, but I am curious as to why it wouldn't install the way others are saying it should.

Anyone?

Thanks,
-Bob

TMX
05-09-2002, 12:08 AM
Got it sorted out. Here's what happened in case anyone runs into this in the future.

My original private key - the one that Ensim wouldn't accept - was generated on an Alabanza server and was encrypted (password protected), and began like this:

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,1E81xxxxxxxxxx

The "server.key" from my old server turned out to be nothing more than an unencrypted version of the above, and started like this:

-----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKBgQDUT63AEtW+oblahblahblahxxxxxxx

Ensim seems to want the unencrypted key only.

To verify, I just now uninstalled SSL from one of my sites, restarted Apache, and verified SSL was no longer working. I then installed my cert and newly unencrypted key through the Ensim CP, restarted Apache, and it worked like a charm.

If you have an encrypted key and need an unencrypted version, here's how to do it:

openssl rsa -in ssl.key -out newssl.key

(ssl.key is your current encrypted key, and newssl.key is the new unencrypted key.) You will be asked for your passphrase, and then newssl.key will be generated. newssl.key is what you will use to install your cert through the Ensim CP.

-Bob
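
Added example, not part of the original posts: a shell sketch of the checks around the conversion described above. It detects whether a key is passphrase-protected, writes the unencrypted copy readable by its owner only, and confirms that the key and certificate belong together before import. The function names and the file name site.crt are hypothetical; the PKCS#8 header check goes beyond the traditional-format key shown in the post.

```shell
#!/bin/sh
# Added example; function names and file names are placeholders.

# Return 0 if the PEM private key is passphrase-protected.
# Traditional format: "Proc-Type: 4,ENCRYPTED" header (as in the post).
# PKCS#8 format: "BEGIN ENCRYPTED PRIVATE KEY" armor line.
key_is_encrypted() {
    grep -Eq '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$1"
}

# Write an unencrypted copy of an RSA key. openssl prompts for the
# passphrase. umask 077 makes the new file owner-only, because file
# permissions are now the only protection the key has.
decrypt_key() {
    ( umask 077 && openssl rsa -in "$1" -out "$2" )
}

# Return 0 if the RSA key and the certificate share the same modulus,
# 1 if they differ, 2 if either file could not be read.
key_matches_cert() {
    key_mod=$(openssl rsa -noout -modulus -in "$1") || return 2
    crt_mod=$(openssl x509 -noout -modulus -in "$2") || return 2
    [ "$key_mod" = "$crt_mod" ]
}

# Full procedure: decrypt if needed, then confirm the pair before import.
# usage: prepare_key ssl.key site.crt newssl.key
prepare_key() {
    if key_is_encrypted "$1"; then
        decrypt_key "$1" "$3" || return 1
    else
        ( umask 077 && cp "$1" "$3" ) || return 1
    fi
    key_matches_cert "$3" "$2"
}
```

After the import succeeds, remove any extra copies of the unencrypted key left outside the server's own key directory.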