Thank you fo your response.

I was trying to expoert them in seperate files, But I was able to do it.

Do you know how to do it?

TIA

Michael

Hi Michael,

from my point of view you have two options.

Either IIS6 is able to export all necessary information in ONE (1) PKCS12-file.

the other option is to have seprate files for the certificate the certificate chain which is associated to it (e.g. versign) and the private key.

With these files you can generate a PKCS12 file using openssl which is also available for windows.

with the last method I imported several certifactes to the SSL-SM.

Btw did youz mark the private key as exportal when genrating it?

Some issue like this is described in:

http://www.derkeiler.com/Newsgroups/microsoft.public.inetserver.iis.security/2005-01/0069.html

If not, there is no way to export the private key from my knowledge.

So the only chance is to genearte a new the certifacte mark the private key as exportable and do a new enrollment with the CA.

sorry...

Kind regards,

Joerg

I was able to export the certificate with the private key and was able to import it to the CSS.

I was not able to associate them. Below are the commands I used and the responses I got

SL-Accelerator(config)# ssl associate cert mmsite1 mmssite.pfx

%% Not a valid key or certificate file

SSL-Accelerator(config)# ssl associate rsakey mmsite1 mmssite.pfx

%% File does not contain an RSA key

HI Michael,

did you import the files as described in the document Gilles posted?

From the error codes I've the feeling, that importing was not performed properly or something went wrong as the ssl-module is missing the RSA key and or the does not recognice the file as a certificate file.

Is the imported fileformat PCKS12, PEM or DER?

If yes give it a try by renaming the file to the appropriate suffic like p12 pem der and import it once more.

Kind Regards,

Joerg

split key/certificate using openssl.

Gilles.

Spliting the keys using open-ssl solved the problem.

Thank you