Hi Andrew,

The pkcs12 utility writes the certificate(s) and the key, separated, into one file.
Step (3) only reads the first x509 structure and writes it in DER format (-outform DER)
but doesn't look at the rest of the file.

You can use "cut&paste" to edit the pkcs12 output into several files.

The final question for me actually is: What do you want to do?

Have a PKCS12 structure in DER format? Pull the key out of a PKCS12?

Regards
Christian


On Tue, Jul 08, 2003 at 12:45:01PM +0200, Whitaker, Andrew wrote:
> Hi Christian,
> 
> I think I'm almost there.  Thanks for the detail on certificate verification and by 
> the way my IE error was just me trying to convert a pem file using the rsa instead 
> of x509.  anyway could you possibly assist with hopefully one final thing :-)
> 
> My situation:   
> 
> 1)I have a client certificate in IE6 which I've exported into PKCS12 (with private 
> key).
> 2)I used the openssl pkcs12 util to push this into PEM format.
> 3)Then used the x509 util to convert from PEM to DER.
> 4)The DER file looks fine and can be used ok. However it doesn't appear to have the 
> private key inside.
>       a) I've done a -nout -text and couldn't see any mention
>       b) Nor when I import it into IE6 it doesn't come up with the (You have a 
> private key that corresponds to this           certificate).
>       c) I know I'm stupid :-)
>       
> Question:
> 1)How do I tell whether the private key has been pushed into the PEM/DER formats?  
> 2)Should I be able to see any reference to the private keys in a x509 -nout -text 
> command?
> 
> Regards,
> 
> Andy.
> 
> 
> -----Original Message-----
> From: Christian Hohnstaedt [mailto:[EMAIL PROTECTED] 
> Sent: 07 July 2003 13:52
> To: [EMAIL PROTECTED]
> Cc: Whitaker, Andrew
> Subject: Re: PKC12 to PEM to DER
> 
> 
> Hello Andrew,
> 
> On Mon, Jul 07, 2003 at 02:17:38PM +0200, Whitaker, Andrew wrote:
> > > I have recently installed openssl package with the installation of cygwin.  I 
> > > have used the openssl util to: 
> > > 
> > > 1) Pkc12 to PEM - this is successful.  I have tested with the command (cat 
> > > ca-certificate-file | grep -E 'BEGIN.* CERTIFICATE' | wc -l) and verified it has 
> > > a valid certif inside.
> > > 2) PEM to DER - this appeared to be successful showing no errors.  When running 
> > > the above command on the output DER file it comes back with 0.  ie nothing.  
> > > Also at a file level the Iexplorer app also indicates the certificate is invalid.
> 
> the command above only finds the PEM header "----- BEGIN CERTIFICATE-----"
> since DER does not have it, the command must fail.
> 
> elaborate: "the Iexplorer app also indicates the certificate is invalid."
> 
> 
> > > 
> > > Question - Are there any obvious issues surrounding conversion from PEM-DER 
> > > and/or have I missed something obvious.  Apologies if it RTFM.
> 
> PEM is the base64-encoding of the DER encoded file with additional headers and
> footers
> 
> Regards
> Christian
> 
> > > 
> > > Regards,
> > > 
> > > Andrew.
> > > 
> > > Andrew Whitaker
> > >  
> > > Technology Consultant
> > > SAP (UK & Ireland) Limited
> > > Clockhouse Place, 
> > > Bedfont Road, Feltham
> > > Middlesex, TW14 8HD
> > >  
> > > T   +44 (0) 20 8917 6887
> > > F   +44 (0) 20 8917 6433
> > > M  +44 (0) 7808 575 887
> > > E   [EMAIL PROTECTED]
> > >  
> > > www.sap.com/uk/ <www.sap.com/uk/>  
> > > 
> > > 
> > > 
> > > 
> > > 
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
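
The two points made in this thread (PEM is base64-encoded DER with header and footer lines, and a certificate-only conversion keeps the first certificate and ignores the key that follows it) can be checked with a small PEM splitter. This is an added example, not part of the original messages and not OpenSSL code; the function names and the sample data are assumptions made up for illustration.

```python
import base64
import re

# One PEM block; text between blocks (e.g. "Bag Attributes") is ignored.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

def split_pem(text):
    """Return (label, decoded_bytes, encrypted) for every PEM block in text."""
    blocks = []
    for label, body in PEM_BLOCK.findall(text):
        lines = [ln.strip() for ln in body.splitlines()]
        # Legacy encrypted keys start with "Proc-Type:" / "DEK-Info:" lines;
        # ':' never occurs in base64, so it separates headers from payload.
        encrypted = label.startswith("ENCRYPTED") or any(
            ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines)
        b64 = "".join(ln for ln in lines if ln and ":" not in ln)
        blocks.append((label, base64.b64decode(b64), encrypted))
    return blocks

def has_private_key(text):
    """True if any block label names a private key."""
    return any(label.endswith("PRIVATE KEY") for label, _, _ in split_pem(text))

def first_certificate_der(text):
    """Decoded bytes of the first CERTIFICATE block only; the rest is dropped."""
    for label, der, _ in split_pem(text):
        if label == "CERTIFICATE":
            return der
    return None

def to_pem(label, data, headers=""):
    """Wrap bytes in PEM armour: base64 plus BEGIN/END lines."""
    b64 = base64.encodebytes(data).decode()
    return f"-----BEGIN {label}-----\n{headers}{b64}-----END {label}-----\n"

# Constructed stand-ins (not real key material), laid out like pkcs12 PEM output.
CERT = b"constructed certificate bytes"
KEY = b"constructed encrypted key bytes"
SAMPLE = ("Bag Attributes\n    localKeyID: 01 00 00 00\n"
          + to_pem("CERTIFICATE", CERT)
          + "Bag Attributes\n    friendlyName: constructed\n"
          + to_pem("RSA PRIVATE KEY", KEY,
                   "Proc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,0011223344556677\n\n"))

if __name__ == "__main__":
    for label, data, enc in split_pem(SAMPLE):
        print(f"{label}: {len(data)} bytes, encrypted={enc}")
    print("key in PEM:", has_private_key(SAMPLE))
```

The block labels answer the question of whether a key is present: a file that only ever yields CERTIFICATE blocks has no private key in it, and a DER file built from the first certificate alone cannot contain one.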