Dear Suen Tak Tsung Daniel,
The PKCS12 format contains the private key. This format is mainly used to export private key with the certificate. The method you used to create the PKSC12 is correct. Double click the certificate and import it into the certificate manager of the desired browser. From the certificate manager you can view the details of the certificate and export it to any desired location and install it any browser's certificate manager.
Feel free to mail me for further clarifications on this topic.
Rakesh R
Ushustech
(Email: [EMAIL PROTECTED])
-----Original Message-----
From: Suen Tak Tsung Daniel [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 11, 2001 8:56 AM
To: [EMAIL PROTECTED]
Subject: pkcs12 and CA cert ?
Hi All,
I have created a CA for my organization and have sucessfully imported the
CA cert in DER format to an IE 5.5. However, I found that there is no
friendly name displayed. After poking through the web, someone seem to have
said that one has to use the pkcs12 format. I know it is available in openssl,
and so I issued something like:-
openssl pkcs12 -export -cacert -nokeys -name "My Org" -caname "My Org" \
-in cacert.pem -out cacert.pkcs12
and failed, saying that the command expects a private key. So, I did so with
addtional option "-inkey caprivate.pem", and I succeeded. However, it seems
that the private key is also contained in this cacert.pkcs12, which is kind
of strange. I used to think that, well, at least the DER import experience
told me that this shouldn't be necessary. Then, I imported it in IE5.5, and
it was OK, but when I viewed it in IE5.5, I found that it has a key sign
on it. I stopped there, and I found that other certificates come with IE5.5
don't have such a key sign. So, I just want to know, what's the proper way
of exporting my ca cert in pkcs12 format, so that IE5.5 and Netscape can
eat them cleanly and smoothly? Appreciate any help!
-daniel.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
