-----Original Message-----
From: Daniel Suen [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 11, 2001 11:35 AM
To: [EMAIL PROTECTED]
Subject: RE: pkcs12 and CA cert ?
But then, I still don't see how things fit together. The thing is that, (1) is
it normal to have the CA cert in my IE with a "key sign" on it?
This is perfectly all right. What is wrong in having a certificate with key sign on it. The certificate supports all required functionality. Only PKCS12 will have friendly name in it.
(2) If (1) is
abnormal, how can I get rid of it? I've done the import, and tried export to
other formats which strips the private key off and re-imported it (with the
previous one removed), but still failed to get the "Friendly Name" on.
-daniel.
At 09:19 AM 2001/4/11 +0530, Rakesh.R wrote:
>
> Dear Suen Tak Tsung Daniel,
>
> The PKCS12 format contains the private key. This format is mainly used to
> export private key with the certificate. The method you used to create the
> PKSC12 is correct. Double click the certificate and import it into the
> certificate manager of the desired browser. >From the certificate manager you
> can view the details of the certificate and export it to any desired location
> and install it any browser's certificate manager.
>
> Feel free to mail me for further clarifications on this topic.
>
> Rakesh R
> Ushustech
> (Email: [EMAIL PROTECTED])
>
> -----Original Message-----
> From: Suen Tak Tsung Daniel
> [<mailto:[EMAIL PROTECTED]>mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, April 11, 2001 8:56 AM
> To: [EMAIL PROTECTED]
> Subject: pkcs12 and CA cert ?
>
> Hi All,
>
> I have created a CA for my organization and have sucessfully imported the
> CA cert in DER format to an IE 5.5. However, I found that there is no
> friendly name displayed. After poking through the web, someone seem to have
> said that one has to use the pkcs12 format. I know it is available in
> openssl,
> and so I issued something like:-
>
> openssl pkcs12 -export -cacert -nokeys -name "My Org" -caname "My Org" \
> -in cacert.pem -out cacert.pkcs12
>
> and failed, saying that the command expects a private key. So, I did so with
> addtional option "-inkey caprivate.pem", and I succeeded. However, it seems
> that the private key is also contained in this cacert.pkcs12, which is kind
> of strange. I used to think that, well, at least the DER import experience
> told me that this shouldn't be necessary. Then, I imported it in IE5.5, and
> it was OK, but when I viewed it in IE5.5, I found that it has a key sign
> on it. I stopped there, and I found that other certificates come with IE5.5
> don't have such a key sign. So, I just want to know, what's the proper way
> of exporting my ca cert in pkcs12 format, so that IE5.5 and Netscape can
> eat them cleanly and smoothly? Appreciate any help!
>
> -daniel.
> ______________________________________________________________________
> OpenSSL Project
> <http://www.openssl.org>http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
