Forum OpenACS Q&A: Necessary to get new cert for AOLserver upgrade?

I'm upgrading from AOLserver 2.3.3 to 3.4.2. I've installed OpenSSL and nsopenssl. The server starts using the test key and cert files but using the still-valid files from my 2.3.3 installation there are errors. My keyfile does not seem to be encrypted, but it is quite a lot shorter than the test keyfile.
Notice: nsopenssl: CertFile = /.../modules/nsopenssl/certfile-2002.pem
Notice: nsopenssl: KeyFile = /.../modules/nsopenssl/keyfile-2002.pem
Error: nsopenssl: error loading private key
  file "/.../modules/nsopenssl/keyfile-2002.pem"
Error: modload: failed to
  load '/.../aolserver/bin/nsopenssl.so': 'Ns_ModuleInit' returned -1
Fatal: modload: failed to load
  module '/.../aolserver/bin/nsopenssl.so'
Is it necessary to get new files for use with the new AOLserver or is the problem elsewhere? If new ones are necessary can someone explain why this is?
Eric, what were you using for SSL on the old 2.3.3 server? The nsssl binary from AOL?

It's been so long now I'm not really sure, but I believe that when I switched a site from AOLserver 2.3.3 to 3.x, I did have to get new key and cert files. I think even using nsssl for both 2.3.3 and 3.x, that was still the case, but I'm not certain. And switching to nsopenssl for the 3.x server (even though nsopenssl is better) makes it even more likely that your file formats aren't compatible...

I would ping Scott Goodwin and ask him if there's any way to get nsopenssl to read or translate old nsssl key/cert files from 2.3.3.

Everyone who has upgraded from nsssl to nsopenssl has had to get new keys and certs. I believe the old keys to work with AOLserver 3.x and the nsssl module (from what I'm told), but not with nsopenssl.

Not sure it's a major issue anymore. If it is, and someone wants me to research it, I'll need a real live key and cert that works in nsssl.