Hi Christian,
I think I'm almost there. Thanks for the detail on certificate verification and by
the way my IE error was just me trying to convert a pem file using the rsa instead of
x509. anyway could you possibly assist with hopefully one final thing :-)
My situation:
1)I have a client certificate in IE6 which I've exported into PKCS12 (with private
key).
2)I used the openssl pkcs12 util to push this into PEM format.
3)Then used the x509 util to convert from PEM to DER.
4)The DER file looks fine and can be used ok. However it doesn't appear to have the
private key inside.
a) I've done a -nout -text and couldn't see any mention
b) Nor when I import it into IE6 it doesn't come up with the (You have a
private key that corresponds to this certificate).
c) I know I'm stupid :-)
Question:
1)How do I tell whether the private key has been pushed into the PEM/DER formats?
2)Should I be able to see any reference to the private keys in a x509 -nout -text
command?
Regards,
Andy.
-----Original Message-----
From: Christian Hohnstaedt [mailto:[EMAIL PROTECTED]
Sent: 07 July 2003 13:52
To: [EMAIL PROTECTED]
Cc: Whitaker, Andrew
Subject: Re: PKC12 to PEM to DER
Hello Andrew,
On Mon, Jul 07, 2003 at 02:17:38PM +0200, Whitaker, Andrew wrote:
> > I have recently installed openssl package with the installation of cygwin. I have
> > used the openssl util to:
> >
> > 1) Pkc12 to PEM - this is successful. I have tested with the command (cat
> > ca-certificate-file | grep -E 'BEGIN.* CERTIFICATE' | wc -l) and verified it has a
> > valid certif inside.
> > 2) PEM to DER - this appeared to be successful showing no errors. When running
> > the above commnad on the output DER file it comes back with 0. ie nothing. Also
> > at a file level the Iexplorer app also indicates the certificate is invalid.
the command above only finds the PEM header "----- BEGIN CERTIFICATE-----"
since DER does not have it, the command must fail.
elaborate: "the Iexplorer app also indicates the certificate is invalid."
> >
> > Question - Are there any obvious issues surrounding conversion from PEM-DER and/or
> > have I missed something obvious. Apologies if it RTFM.
PEM is the base64-encoding of the DER encoded file with additional Headers and footers
Regards
Christian
> >
> > Regards,
> >
> > Andrew.
> >
> > Andrew Whitaker
> >
> > Technology Consultant
> > SAP (UK & Ireland) Limited
> > Clockhouse Place,
> > Bedfont Road, Feltham
> > Middlesex, TW14 8HD
> >
> > T +44 (0) 20 8917 6887
> > F +44 (0) 20 8917 6433
> > M +44 (0) 7808 575 887
> > E [EMAIL PROTECTED]
> >
> > www.sap.com/uk/ <www.sap.com/uk/>
> >
> >
> >
> >
> >
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
