how to export private key from Godaddy certificate and use with Apache SSL

Question

I purchased a Godaddy Certificate, I correctly installed it on my Mac Server, so now I see 2 entry within Keychain Application:

• Go Daddy Secure Certification Authority
• mydomain
  • mydomain (private key)

Then I added the certificate (mydomain.com) to a VirtualHost of httpd.conf file, so:

<VirtualHost *:443>
     DocumentRoot "/Library/ApacheTomcat/apache-tomcat-6.0.33/webapps/MyServerAppName"
     ServerName mydomain.com
     ErrorLog "/private/var/log/apache2/mydomain.com-error_log"
     CustomLog "/private/var/log/apache2/mydomain.com-access_log" common
     SSLCertificateFile /etc/apache2/mydomain.cer
     JkMountCopy On
     JkMount /* ajp13
</VirtualHost>

Then, I guess, I also need the private key file, otherwise Apache fails to handle the certificate. How to do this? I can save the certificates from Apple Keychain into .pem and .cer file.

Answer 1

In the Keychain, export your private key and certificate in PKCS#12 format (.p12 file, Personal Information Exchange). You should be able to do this using by expanding your private key entry (in Keychain Access), right-clicking on its certificate and using Export. It will probably ask you for a password to protect this p12 file.

Then, in the Terminal, extract the private key using OpenSSL:

 umask 0077
 openssl pkcs12 -in filename.p12 -nocerts -nodes -out filename-key.pem
 umask 0022

• Note that you should protect this file, since the private key will not be password protected (so that it can be used by Apache Httpd).

Similarly, for the certificate (although it seems you may already have it in PEM format, so you might not need this step):

 openssl pkcs12 -in filename.p12 -clcerts -nokeys -out filename-cert.pem

Then, set the SSLCertificateFile (cert) and SSLCertificateKeyFile (private key) options to point to these files in your Apache Httpd configuration.