Thanks to David and Carlos. They both provided the right steps to
getting us up and running.

(and they weren't pulling an April Fool's joke on me, either - it
honestly works! :))

Have a great day all...

dan

-----Original Message-----
From: Weiss, David [mailto:David.Weissbcbsfl.com]
Sent: Monday, April 01, 2002 1:25 PM
To: 'Stratton, Dan'
Subject: RE: IIS Key pairs

Hope this helps!!

Here is the info:

Check for corruption:
OPENSSL RSA -TEXT -IN PkeyName

View Cert
OPENSSL X509 -TEXT -IN CertName

Remove Password before importing

OPENSSL RSA -IN Pkey -OUT NewKeyName

exporting keys/certs from IIS in a format that can then be imported into
the 7110

You'll need:
        IIS 4.0 Server w/SSL Enabled
        OpenSSL
        Hex Editor

Export Key:
        Key Manager -> Key -> Backup Keyfile
        Save as backup.key

Hex Edit:
        Open backup.key in Hex Editor
        Find first occurance of "private-key", and search back to 30 82
        Delete all before 30 82
        Save as backup_key.bin

        Open backup.key in Hex Editor
        Find first occurance of "certificate" followed by 30 82
        Delete all before 30 82
        Save as backup_cert.bin

 Convert:
        openssl rsa -inform NET -in backup_key.bin -out backup_new.key
        openssl x509 -text -in backup_cert.bin -inform DER -out
backup_new.crt

Use:
        backup_new.key is Private Key
        backup_new.crt is Certificate

Thank you,

David Weiss
Web Environment Services
(904) 905-0675
(904) 536-7416 cel.
David.Weissbcbsfl.com

4800 Deerwood Campus Parkway, DCC6-232
Jacksonville, FL 32246

-----Original Message-----
From: Stratton, Dan [mailto:Dan.StrattonWorkscape.com]
Sent: Monday, April 01, 2002 10:22 AM
To: Weiss, David
Subject: RE: IIS Key pairs

We are using Alteons... Verisign is who we purchase our certs from, but
I don't recall seeing any tools on their site. Do they need to be
purchased, or did I over look them? If they're avail on the web could
you send me the link?

Thanks!

Dan

-----Original Message-----
From: Weiss, David [mailto:David.Weissbcbsfl.com]
Sent: Monday, April 01, 2002 9:19 AM
To: 'Stratton, Dan'
Subject: RE: IIS Key pairs

What brand encryption device? We use an Intel box and I have the tools
that Verisign provided...

Thank you,

David Weiss
Web Environment Services
(904) 905-0675
(904) 536-7416 cel.
David.Weissbcbsfl.com

4800 Deerwood Campus Parkway, DCC6-232
Jacksonville, FL 32246

-----Original Message-----
From: Stratton, Dan [mailto:Dan.StrattonWorkscape.com]
Sent: Friday, March 29, 2002 3:38 PM
To: focus-mssecurityfocus.com
Subject: IIS Key pairs

Hello,

Has any one had any luck with exporting two separate key files from IIS
4 or IIS 5? We need to import both the public and private keys into a
load balancing device. After much searching on the web, it appears that
Microsoft only exports the pair as one file (*.key in IIS4 and PFX
(PKCS12) in IIS5).

Any advice you may have is greatly appreciated.

Thank you!

Dan

Blue Cross Blue Shield of Florida, Inc., and its subsidiary and
affiliate companies are not responsible for errors or omissions in this
e-mail message. Any personal comments made in this e-mail do not reflect
the views of Blue Cross Blue Shield of Florida, Inc.

Blue Cross Blue Shield of Florida, Inc., and its subsidiary and
affiliate companies are not responsible for errors or omissions in this
e-mail message. Any personal comments made in this e-mail do not reflect
the views of Blue Cross Blue Shield of Florida, Inc.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]