On Fri, Nov 22, 2002 at 01:50:37PM -0500, Chris Jarshant wrote:
> You can't convert a public key certificate into a PKCS12 file -
> the openssl pkcs12 routine *requires* a private key to be in such
> a file along with the public key, which you cannot have (CAs don't
> give out their private keys).
> 
> cj

well, given enough interest one still can do that.
Just write the tool.   "openssl pkcs12" is not the only game in the city
and pkcs12 specs allow for just a certificate

-vf

> 
> ----- Original Message ----- 
> From: "Matthew Hall" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Friday, November 22, 2002 3:13 AM
> Subject: Re: Converting own CA certificate to pkcs12
> 
> 
> On Thu, 21 Nov 2002, mikecross wrote:
> 
> > Seems to me that you problem is that you didn't supply
> > password.
> > PKCS12 format stores Private + Public key pair
> > encrypted with password.
> 
> Why would I want to store all this in a pcks12 file that
> I want to give to clients/other people to import into
> their browser? Why would I want to encrypt it when I want
> it made freely available?
> 
> Anyway - if someone could confirm how to take a Certificate
> Authority Certificate, convert it into pkcs12 and put it into
> a form for Mozilla or Netscape to import, that would be
> great.
> 
> > > Converting it to DER format was easy:
> > >
> > > openssl x509 -in ca.crt -out ca.der -outform DER
> > >
> > > I'm having issues doing the same with pkcs12, I
> > > found something
> > > that seemed close:
> > >
> > > openssl pkcs12 -export -inkey ca.key -in ca.crt -out
> > > ca.p12 -name
> > > "Angui.sh Certificate Authority"
> > >
> > > But I thought I remember seeing a warning against
> > > doing that since
> > > it may include sensitive information into that file.
> > > And what's with
> > > the Export and Import passwords? What are they
> > > exactly? Am I missing
> > > some other command-line args, or is there a better
> > > way?
> > >
> > > Can someone help?
> > >
> > > Thanks!
> > >
> > > --
> > > It's always September somewhere on the 'net. |
> > > http://angui.sh
> > > Another proud member of Eep's killfile.      | Unix
> > > Sys. Admin.
> > > unreal://angui.sh                            |
> > > [EMAIL PROTECTED]
> > >
> > >
> > ______________________________________________________________________
> > > OpenSSL Project
> > > http://www.openssl.org
> > > User Support Mailing List
> > > [EMAIL PROTECTED]
> > > Automated List Manager
> > [EMAIL PROTECTED]
> >
> >
> > __________________________________________________
> > Do you Yahoo!?
> > Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
> > http://mailplus.yahoo.com
> > ______________________________________________________________________
> > OpenSSL Project                                 http://www.openssl.org
> > User Support Mailing List                    [EMAIL PROTECTED]
> > Automated List Manager                           [EMAIL PROTECTED]
> >
> 
> -- 
> It's always September somewhere on the 'net. | http://angui.sh
> Another proud member of Eep's killfile.      | Unix Sys. Admin.
> unreal://angui.sh                            | [EMAIL PROTECTED]
> 
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
> 
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]

-- 
Naina library: http://www.unity.net/~vf/naina_r1.tgz
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to