Gary Chen wrote: > > Hello openssl-users, > > Why I can't convert the cert to pkcs12 except the private key ? > I wanna only export my personal cert and CA cert to a pkcs12 file > for SecureEmail(S/MIME). > But I don't know how to do that. I usd the command: > openssl pkcs12 -inkey my.key -out my.p12 -export -certfile CA.pem > -nokeys > > But the file my.p12 still includes my private key. Who can help me ? > Thanks ! >
The -nokeys option is when you convert a PKCS#12 file to PEM and tells the utility not to output the keys. You can't omit private keys on import because they are needed when you import a PKCS#12 file into a browser (or whatever). For sending S/MIME certificaets a PKCS#7 structure is more appropriate. This just includes certificates and no private keys. You can use the crl2pkcs7 utility to generate a certificates only PKCS#7 structure. Steve. -- Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/ Personal Email: [EMAIL PROTECTED] Senior crypto engineer, Gemplus: http://www.gemplus.com/ Core developer of the OpenSSL project: http://www.openssl.org/ Business Email: [EMAIL PROTECTED] PGP key: via homepage. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
