SSL Certs with Mono XSP4

Question

I've been developing a v. small ASP web site using Mono XSP4. For development & test I've used some self-signed certificates, created using makecert and following instructions on http://www.mono-project.com/docs/web/using-clientcertificates-with-xsp/ amongst other places. All has been well in this world for a good while.

I'd like now to deploy using a CA cert, which I had created using openssl, following instruction on my CA's web site. The openssl command created a CSR, and a private key. The command I used was as follows:

openssl req -new -newkey rsa:2048 -nodes -keyout .key -out .csr

I've been through the process of creating the cert with my CA, using the CSR to generate a new .crt file. I've now tried running up XSP4 with the new .crt and the private key I generated in the CSR generation step with OpenSSL, and....well, XSP4 is spitting the dummy.

I'm getting the error "Invalid private key password or private key file '.key' is corrupt".

I'm running XSP as follows:

xsp4 --nonstop --https --port= --cert=.crt --pkfile=.key --pkpwd=

Any ideas why this might fail?

Does Mono XSP4 support 2048 bit certs?

Thanks in advance....!

Answer 1

It turns out that Mono XSP4 needed the private key in Microsoft PVK binary format. I used OpenSSL to convert the private key in PEM format to PVK format and XSP4 then loaded this OK.

The OpenSSL command I got from a Microsoft TechNet Q&A (https://social.technet.microsoft.com/Forums/windowsserver/en-US/85b2b79e-7c39-4b58-8e1e-9855a3af09f6/export-a-private-key?forum=winserversecurity)

openssl rsa -in FILENAME_key.pem -outform PVK -pvk-strong -out FILENAME.pvk

Hope this helps anyone out there with a similar issue!! Cheers.