PKCS12 is a data format. It's usually password-protected, and is designed
to bundle together a private key with one or more certificates. Openssl
includes tools (programs and API's) to parse and generate PKCS12.
Once you've extracted the cert, you can parse it, and add an extension. To
sign the new certificate, you need the CA's private key; if you don't have
that, forget it. If you do have that, then you might want to look at
apps/ca.c or apps/x509.c to see the API's used to manipulate extensions
and sign certificates.
/r$
--
SOA Appliances
Application Integration Middleware
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
