On Sat, Dec 08, 2001 at 11:39:40AM +0400, Sarath Chandra M wrote:
> Hi,
> I am generating client certificates using this method at the openssl server:
>
> openssl genrsa -des3 -out user.key 1024
> openssl req -new -config openssl.cnf -key user.key -out user.csr
> openssl ca -config openssl.cnf -cert CA.pem -in user.csr -keyfile CA.key
> -out user.crt
>
> After this, I am exporting the user.crt to the browser for that user. Its
> working fine. Now, I would like
> to know where the private key of the user is ?
It is in user.key.
> I am using the user.crt to put it in the user entry in the ldap server. Does
> this user.crt contain
> client's private key also ?
No.
> If I need the user.crt in pkcs12 format, I use
> openssl pkcs12 -export -in user.crt -inkey user.key -out user.pfx
>
> Anything wrong with this export ? Does it contain the private key ?
It does contain the private key. Please consider to use the "-name" option
to specify a friendly name, that can be displayed by the browser when
listing the available certificates.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
