On Fri, Nov 22, 2002 at 01:50:37PM -0500, Chris Jarshant wrote: > You can't convert a public key certificate into a PKCS12 file - > the openssl pkcs12 routine *requires* a private key to be in such > a file along with the public key, which you cannot have (CAs don't > give out their private keys). > > cj
well, given enough interest one still can do that. Just write the tool. "openssl pkcs12" is not the only game in the city and pkcs12 specs allow for just a certificate -vf > > ----- Original Message ----- > From: "Matthew Hall" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Friday, November 22, 2002 3:13 AM > Subject: Re: Converting own CA certificate to pkcs12 > > > On Thu, 21 Nov 2002, mikecross wrote: > > > Seems to me that you problem is that you didn't supply > > password. > > PKCS12 format stores Private + Public key pair > > encrypted with password. > > Why would I want to store all this in a pcks12 file that > I want to give to clients/other people to import into > their browser? Why would I want to encrypt it when I want > it made freely available? > > Anyway - if someone could confirm how to take a Certificate > Authority Certificate, convert it into pkcs12 and put it into > a form for Mozilla or Netscape to import, that would be > great. > > > > Converting it to DER format was easy: > > > > > > openssl x509 -in ca.crt -out ca.der -outform DER > > > > > > I'm having issues doing the same with pkcs12, I > > > found something > > > that seemed close: > > > > > > openssl pkcs12 -export -inkey ca.key -in ca.crt -out > > > ca.p12 -name > > > "Angui.sh Certificate Authority" > > > > > > But I thought I remember seeing a warning against > > > doing that since > > > it may include sensitive information into that file. > > > And what's with > > > the Export and Import passwords? What are they > > > exactly? Am I missing > > > some other command-line args, or is there a better > > > way? > > > > > > Can someone help? > > > > > > Thanks! > > > > > > -- > > > It's always September somewhere on the 'net. | > > > http://angui.sh > > > Another proud member of Eep's killfile. | Unix > > > Sys. Admin. > > > unreal://angui.sh | > > > [EMAIL PROTECTED] > > > > > > > > ______________________________________________________________________ > > > OpenSSL Project > > > http://www.openssl.org > > > User Support Mailing List > > > [EMAIL PROTECTED] > > > Automated List Manager > > [EMAIL PROTECTED] > > > > > > __________________________________________________ > > Do you Yahoo!? > > Yahoo! Mail Plus - Powerful. Affordable. Sign up now. > > http://mailplus.yahoo.com > > ______________________________________________________________________ > > OpenSSL Project http://www.openssl.org > > User Support Mailing List [EMAIL PROTECTED] > > Automated List Manager [EMAIL PROTECTED] > > > > -- > It's always September somewhere on the 'net. | http://angui.sh > Another proud member of Eep's killfile. | Unix Sys. Admin. > unreal://angui.sh | [EMAIL PROTECTED] > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] -- Naina library: http://www.unity.net/~vf/naina_r1.tgz ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]