[thelist] SSL Certificate Question

Burhan Khalid thelist at meidomus.com
Thu Mar 24 00:37:09 CST 2005

Hello Everyone:

   We are purchasing a SSL certificate from Thawte for one of our 
clients.  The certificate will be used in two capacities ... one, to 
secure the site and secondly to authenticate against a remote server 
that is their payment gateway.

   The problem is that the client's server is running Tomcat, and the 
gateway is running IIS. We got the certificate in PKCS#7 format; and it 
installed in Tomcat just fine.

   When we sent the certificate to the gateway provider to install at 
their location, they told us that the certificate is not compatible with 
IIS, and we need a X.509 certificate.

   Now Thawte is telling us that we need to purchase the certificate 
again to get it in "DER encoded binary" format, which apparently is what 
IIS understands.  Is this a normal thing? We can't convert the certificate?

   I'm a bit doubtfull of the Windows certificate conversion tool.  I've 
experimented with trial certificates from Thawte, and whenver I ask it 
to convert a certificate to PKCS, it spits out some binary garbage, that 
I can't import into Tomcat because it doesn't detect it as a valid X.509 
certificate; the certificate that I get from Thawte in PKCS format is 
plain text, and I just copy and paste it into a file, and it imports fine.

   Any ideas? Do we need to purchase it again?


More information about the thelist mailing list