At 10:52 30.04.2002 +0200, you wrote: >In message <[EMAIL PROTECTED]> on Mon, 29 >Apr 2002 12:22:32 -0700 (PDT), Tim Jones <[EMAIL PROTECTED]> said: > >t0psecret> I'm trying to create password-protected client certs >t0psecret> with OpenSSL and ssl.ca-0.1.tar.gz. Is this what >t0psecret> "export password" refers to (when creating the key), >t0psecret> or is there another way? I'm not sure whether the >t0psecret> export password is a permanent password for the cert >t0psecret> or just a one-time password used to import the .p12 >t0psecret> file. >t0psecret> >t0psecret> If it's the former, it seems as though Window strips >t0psecret> this password when I import the cert, because I'm only >t0psecret> asked for it the one time when importing. Is there any >t0psecret> way around this? > >You're mixing up certificate and private key. The password will >protect the private key. The certificate is (or should be) filled >with public information only, and therefore doesn't require any >password protection. > >-- >Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
That reminds me of a question I once asked, but didn't get a reply: pkcs#12 files can contain encrypted certificates or unencrypted certificates. Since, like you notice, the cert doesn't require protection, why can't openssl generate pkcs#12 file with encrypted private key, but cleartext cert? Jörn Sierwald ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
