Bill Hertzing 2004-04-11, 3:06 pm

Hi - We need to bridge our HTTPD traffic from the commerce server and
reassemble the traffic in a monitoring tool. In order to terminate the
SSL in the monitor tool's server, we need the private key file. We are
having the hardest time getting the private key back out of the IBM
HTTP server's token file.
I've read many posts which suggest using KeyMan. We found the location
of the token file (.kdb) that holds our certificate, and we copied the
file over to a desktop PC, where we also installed IBM's KeyMan
utility. With KeyMan, we can open the token and view our Certificate.
The cert details indicate the RSA and SHA1 keys exist. But there does
not seem to be a key pair file in the token file, just the
certificate.
Once we get the Key file, I'm supposed to use OpenSSL on the monitor
tool server to check it is a proper private key. It should start with
-----BEGIN RSA PRIVATE KEY-----
But no matter what I do, the only thing I can get out of KeyMan are files
that start with
-----BEGIN CERTIFICATE-----
None of these files pass the openssl rsa -check option, and I can't go
any further...
Help! How can we get the RSA key file back from IBM HTTP server, to
install into the monitoring tool? Are we going to have to generate all
new keys and certificates?
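
An added example, not part of the original post: a standard-library Python check that reports what each PEM block in an export really contains, judged by its DER structure rather than by the BEGIN line. The function names and the sample data (a toy 12-bit key and an empty certificate skeleton) are constructed for illustration.

```python
import base64, re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def tlv(tag, value):
    """Encode one DER tag-length-value element."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + value

def children(buf):
    """Split DER bytes into the (tag, value) elements they contain."""
    out, i = [], 0
    while i < len(buf):
        tag, n, i = buf[i], buf[i + 1], i + 2
        if n & 0x80:                      # long-form length
            k = n & 0x7F
            n, i = int.from_bytes(buf[i:i + k], "big"), i + k
        out.append((tag, buf[i:i + n]))
        i += n
    return out

def classify(pem_text):
    """Return [(pem_label, der_structure)] for every PEM block in pem_text."""
    found = []
    for label, body in PEM_RE.findall(pem_text):
        der = base64.b64decode("".join(body.split()))
        tags = [t for t, _ in children(children(der)[0][1])]
        if len(tags) == 9 and set(tags) == {0x02}:
            kind = "PKCS#1 RSA private key"   # nine INTEGERs, includes the private exponent
        elif tags == [0x02, 0x30, 0x04]:
            kind = "PKCS#8 private key"       # version, algorithm, wrapped key
        elif tags == [0x30, 0x30, 0x03]:
            kind = "X.509 certificate (public key only)"
        else:
            kind = "unknown"
        found.append((label, kind))
    return found

def pem(label, der):
    return f"-----BEGIN {label}-----\n{base64.encodebytes(der).decode()}-----END {label}-----\n"

def der_int(v):
    return tlv(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big"))

# Constructed samples: a toy RSA key (n=3233) and a certificate-shaped skeleton.
TOY_KEY = tlv(0x30, b"".join(der_int(v) for v in (0, 3233, 17, 413, 61, 53, 53, 49, 38)))
CERT_SHAPE = tlv(0x30, tlv(0x30, b"") + tlv(0x30, b"") + tlv(0x03, b"\x00"))
SAMPLE = pem("RSA PRIVATE KEY", TOY_KEY) + pem("CERTIFICATE", CERT_SHAPE)
```

A block classified as an X.509 certificate carries only the public key, so it cannot pass `openssl rsa -check` no matter how it is renamed or relabelled.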