ok, that probably means that the key and cert you are using are not related. You need to create a certificate with your key and use *that* certificate with it. (They must match - and that's what I mean by match - the key "creates" the certificate)...
Look at the docs for how to generate a certificate - you'll see that a key is used to do so... Mike -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 openssl pkcs12 -in key.pem -out key.pkcs12 -export -certfile cert.pem No certificate matches private key On Friday 19 March 2004 12:19 pm, Mike Gagnon wrote: > I haven't tried that, but I think that might work. The easiest way is to > use the certfile option like Amar said... > > Mike > > so is the idea then that I 'cat key.pem cert.pem > key+cert.pem' and run > openssl against key+cert.pem? > > On Friday 19 March 2004 11:55 am, Mike Gagnon wrote: > > You can't place a key without its certificate into a PKCS12. You need > > both - they are coupled together in this type of file. You can even > > store certificates that were not created with the supplied key, but at > > least one of the certificates must "match" the supplied key.. > > > > Mike > > > > > > > > I've tried the following and I always get "No certificate matches > > private key". > > openssl pkcs12 -in key.pem -out key.pkcs12 -export > > openssl pkcs12 -in key.pem -out key.pkcs12 -export -nocerts > > openssl pkcs12 -export -in key.pem -inkey key.pem -out key.pkcs12 > > -nocerts -name "Sample name" > > > > The RSA key was originally generated on a Cisco Content Service Switch > > 11506 w/ a SSL Accelerator module. > > > > Please advise. - -- Jeremy M. Guthrie Systems Engineer Berbee 5520 Research Park Dr. Madison, WI 53711 Phone: 608-298-1061 Berbee...Decade 1. 1993-2003 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQFAWzptqtjaBHGZBeURAoShAJ9/MTQ/4m+ERCo3NEtfhkrgXQWLxQCeLXlr 51BxMziLUslijVN0TTBSm1o= =4gVS -----END PGP SIGNATURE----- ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
