well, just to follow up, and I know this is more of a general ssl question so I appreciate the patience. I opened up the server.p12 file in wordpad, expecting binary as, in my understanding at least, pkcs12 is a binary format. To my surprise wordpad displayed the standard --BEGIN CERTIFICATE-- xyz --END CERTIFICATE--. Opening a known good pkcs12 file displayed the expected binary. Is something amiss with server.p12?
cmose wrote: > > I'm having a problem trying to convert a pkcs12 certificate to a pem cert. > So far, what I get when running > "openssl pkcs12 -in server.p12 -out server.pem" is (and exlude typos - I'm > hand typing this from another system) . > > 2396:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong > tag:tasn_dec.c:946: > 2396:error:OD07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 > error:tasn_dec.c:304:Type=PKCS12 > > running the same command with -nocerts or -nokeys produces identical > results. I'm using openssl version 0.9.7d. > > now some background as to why I'm trying to do this as perhaps that might > help: I have a .p12 file that I want to use with tomcat for ssl > encryptiong/client authentication. I can use java's keytool -printcert > -file server.p12 and that works fine, > however, attempting to do keytool -list -keystore server.p12 -storetype > pkcs12 causes a java.io.IOException: toDerInputStream rejects tag type 45. > I know that is more of a java question but there isn't really any useful > information I've found so far so I'm hoping that whatever is causing > openssl to bomb out can point me in the right direction... > -- View this message in context: http://www.nabble.com/problem-converting-pkcs12-cert-to-pem-%28for-use-with-keystore%29-tf3953221.html#a11216878 Sent from the OpenSSL - User mailing list archive at Nabble.com. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
