Arend van der Veen wrote:
>
> Hi,
>
> I am using Expect to automate certificate generation. The last step
> involves exporting the certificate into pkc212 format. Everything works
> great when I type the commands directly. However, when I execute the
> command in Expect the output file has zero length.
>
> The format of the command is:
>
> spawn openssl pkcs12 -export -in newcert.pem -inkey newkey.pem -name
> "Certificate Name" -certfile cacert.pem -out newcert.p12
> expect "PEM pass phrase:"
> send "password\r"
> expect "Export Password:"
> send "password\r"
> expect "Export Password:"
> send "password\r"
>
> No error is generated but newcert.p12 usually is zero length. I am using
> other openssl commands successfully in Expect.
>
> Has anybody elso ran into this problem with openssl and the pkcs12 command ?
>
Hmmm. Can you handle passwords with other utilities like 'rsa'. OpenSSLs
password prompting is a bit unusual.
In the case of the PKCS#12 utility you can also use two other options to
include the password on the command line. If you do:
-envpass PASSENV
then it takes the password from the PASSENV environment variable.
Alternatively you can do:
-password pass
to include the password on the command line. WARNING process utilities
like 'ps' can be used to view the password on some platforms (e.g.
typical Unix).
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
