Hi, cmose,

The KeyStoreBuilder utility in "not-yet-commons-ssl" can probably create a java keystore file for you. Take a look at this java library:

http://juliusdavies.ca/commons-ssl/download.html

The KeyStoreBuilder in particular is documented here:

http://juliusdavies.ca/commons-ssl/utilities.html

java -cp not-yet-commons-ssl-0.3.8.jar org.apache.commons.ssl.KeyStoreBuilder

KeyStoreBuilder converts PKCS12 and PKCS8 to Java "Keystore"

KeyStoreBuilder: creates '[alias].jks' (Java Key Store)
-topk8 mode: creates '[alias].pem' (x509 chain + unencrypted pkcs8)
[alias] will be set to the first CN value of the X509 certificate.
-------------------------------------------------------------------
Usage1: [password] [file:pkcs12]
Usage2: [password] [file:private-key] [file:certificate-chain]
Usage3: -topk8 [password] [file:jks]
-------------------------------------------------------------------
[private-key] can be openssl format, or pkcs8.
[password] decrypts [private-key], and also encrypts outputted JKS file.
All files can be PEM or DER.

yours,

Julius

On 6/20/07, cmose <[EMAIL PROTECTED]> wrote:
well, just to follow up, and I know this is more of a general ssl question so I appreciate the patience. I opened up the server.p12 file in wordpad, expecting binary as, in my understanding at least, pkcs12 is a binary format. To my surprise wordpad displayed the standard --BEGIN CERTIFICATE-- xyz --END CERTIFICATE--. Opening a known good pkcs12 file displayed the expected binary. Is something amiss with server.p12?

cmose wrote:
>
> I'm having a problem trying to convert a pkcs12 certificate to a pem cert.
> So far, what I get when running
> "openssl pkcs12 -in server.p12 -out server.pem" is (and exclude typos - I'm
> hand typing this from another system) .
>
> 2396:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong
> tag:tasn_dec.c:946:
> 2396:error:OD07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
> error:tasn_dec.c:304:Type=PKCS12
>
> running the same command with -nocerts or -nokeys produces identical
> results. I'm using openssl version 0.9.7d.
>
> now some background as to why I'm trying to do this as perhaps that might
> help: I have a .p12 file that I want to use with tomcat for ssl
> encryption/client authentication. I can use java's keytool -printcert
> -file server.p12 and that works fine,
> however, attempting to do keytool -list -keystore server.p12 -storetype
> pkcs12 causes a java.io.IOException: toDerInputStream rejects tag type 45.
> I know that is more of a java question but there isn't really any useful
> information I've found so far so I'm hoping that whatever is causing
> openssl to bomb out can point me in the right direction...
>

--
View this message in context: http://www.nabble.com/problem-converting-pkcs12-cert-to-pem-%28for-use-with-keystore%29-tf3953221.html#a11216878
Sent from the OpenSSL - User mailing list archive at Nabble.com.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                               [EMAIL PROTECTED]
--
yours,

Julius Davies
604-251-3219
http://juliusdavies.ca/
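
Added example (not part of the original thread, and not code from OpenSSL or not-yet-commons-ssl): a Python check that tells PEM text from DER and from a PKCS#12 container by its leading bytes. A file that starts with "-----BEGIN" has first byte 45 (ASCII '-'), which is the value in the Java error quoted above. The function names and sample bytes are constructed for illustration, and the PKCS#12 test is a heuristic on the PFX version field.

```python
import base64
import re

# Matches one PEM block: -----BEGIN <LABEL>----- ... -----END <LABEL>-----
PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def der_kind(data: bytes) -> str:
    """Guess what a DER/BER blob is from its outer SEQUENCE and first inner element."""
    if len(data) < 4 or data[0] != 0x30:          # 0x30 = universal SEQUENCE
        return "not DER (first byte is tag %d)" % (data[0] if data else -1)
    # Skip the length octets: short form is one byte; long form is 0x80|n
    # followed by n bytes (n == 0 is BER indefinite length).
    n = data[1]
    body = 2 if n < 0x80 else 2 + (n & 0x7F)
    inner = data[body:body + 3]
    if inner == b"\x02\x01\x03":                  # INTEGER 3 = PFX version
        return "PKCS#12 (PFX)"
    if inner[:1] == b"\x30":                      # nested SEQUENCE, e.g. tbsCertificate
        return "DER, not PKCS#12 (X.509 certificate or similar)"
    return "DER, unrecognised structure"

def classify(data: bytes) -> str:
    """Report PEM block labels if the data is PEM text, else fall back to der_kind."""
    blocks = PEM_RE.findall(data)
    if blocks:
        return "PEM text containing: " + ", ".join(l.decode() for l, _ in blocks)
    return der_kind(data)

# Constructed samples: minimal byte strings with the right outer shape only.
# They are not real certificates or keystores.
FAKE_CERT_DER = bytes.fromhex("300a3003020100" "3003020100")
FAKE_PFX = bytes.fromhex("3008020103" "3003020100")
PEM_SAMPLE = (b"-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(FAKE_CERT_DER)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    for name, blob in [("PEM renamed to .p12", PEM_SAMPLE),
                       ("PKCS#12-shaped", FAKE_PFX),
                       ("DER certificate-shaped", FAKE_CERT_DER)]:
        print(name, "->", classify(blob))
    # What a strict DER parser sees when handed the PEM text directly:
    print("strict DER view of PEM ->", der_kind(PEM_SAMPLE))
```

A result of "PEM text containing: CERTIFICATE" for a .p12 file means there is no PKCS#12 container and no private key in it, only a certificate.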