I suggest: - edit the certificate file and see if "CERTIFICATE" is indeed in the first line, as your openssl pkcs12 command claims it doesn't see it.
- see if the asn1parse command can decipher the cert. - try verifying it by specifying different cert formats to find out what type it really is. - try adding "------ BEGIN CERTIFICATE -------", "-------- END CERTIFICATE --------" wrappers if not there (check number of dashes!). -Bob -----Original Message----- From: David Iungerich [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 21, 2002 10:55 AM To: [EMAIL PROTECTED] Subject: RE: PKCS#12 and Verisign cert The cert.cer file is the result of taking a request file in PEM format (req.pem) and giving it's contents to Verisign for signing. According to Verisign, they send back in the same format. Question is, what did they send back, and did I send the right thing. This is getting a bit annoying trying to come up with a server cert and client key to hand out. It should be so simple. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Dr. Stephen Henson Sent: Tuesday, August 20, 2002 5:37 PM To: [EMAIL PROTECTED] Subject: Re: PKCS#12 and Verisign cert On Tue, Aug 20, 2002, David Iungerich wrote: > I have the following. > > key.pem - private key created with openssl. > req.pem - CSR created with openssl. > cert.cer - Signed cert returne from Verisign after sending them req.pem. > > I need to find out what openssl commands to use to package this all up in a > PKCS#12 file that my server requires. Anyone know the specific steps. > > I've tried the following, but I get the below error. > > openssl pkcs12 -export -in key.pem -certfile cert.cer -out server.p12 -name > "Prod Forte Certificate" > > I've also tried copying the certificate text in the e-mail that came back > from Verisign and placing that in a file with a .pem extension. Same > result. > > Error loading certificates from input > 20906:error:0906D06C:PEM routines:PEM_read_bio:no start > line:pem_lib.c:662:Expec > ting: CERTIFICATE > What is in the .cer file? It probably isn't a certificate in PEM format and may need converting. Steve. -- Dr. Stephen Henson [EMAIL PROTECTED] OpenSSL Project http://www.openssl.org/~steve/ ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
