--On Wednesday, May 28, 2008 12:19:25 -0500 Paul Schmehl
<[EMAIL PROTECTED]> wrote:
--On Wednesday, May 28, 2008 18:09:06 +0200 "Dr. Stephen Henson"
<[EMAIL PROTECTED]> wrote:
OpenSSL has supported sha1+RSA from the very beginning. You wouldn't expect
that error if it didn't recognize the algorithm.... even for totally
unsupported algorithms OpenSSL will still parse the certificates.
I'd say that whatever you are feeding into 'openssl pkcs12' is not in PKCS#12
format.

Hmmm....I have no doubt that you know exactly what you're talking about.
However, both certs were exported from IE on Windows and then parsed by
openssl. According to Windows they are exported in pkcs12 format. AFAIK,
the only thing that's changed is the encryption algorithm used by Verisign.
Is there some way I can use openssl to see what's inside the cert that
doesn't work? If I sent the certs to you, could you determine what's changed?

Following up on my own response.....your answer led me to the resolution of the
problem. Since I couldn't do anything with that cert using openssl, I looked
at it with strings.

Type:This file is encrypted with SafeBoot Content Encryption - If you see this
message you must not edit or save this file, doing so will irretrievably
corrupt the data
)_(*&)(*&_*&_*&

I exported another copy to a location I knew to not be encrypted with Safeboot,
and openssl parses it just fine.

Thanks for pointing me in the right direction. Wish I thought of this months
ago.
--
Paul Schmehl
As if it wasn't already obvious,
my opinions are my own and not
those of my employer.
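
Added example, not part of the original thread or of OpenSSL: a Python check of the outer ASN.1 header that tells a PKCS#12 file from something else, such as the SafeBoot-encrypted export described above, before it is handed to 'openssl pkcs12'. The names check_pfx and read_length are hypothetical, both sample inputs are constructed, and only the first few bytes are inspected, so a pass does not mean the file will decrypt.

```python
"""Outer-structure check for a PKCS#12 (PFX) file; added example."""

# Constructed sample: skeleton of a DER PFX (version 3 plus an empty
# pkcs7-data ContentInfo). Structure only; it holds no keys or certificates.
SAMPLE_PFX = bytes.fromhex("3010" "020103" "300b" "0609" "2a864886f70d010701")
# Constructed sample: text file opening with the banner quoted in the thread.
SAMPLE_BANNER = b"Type:This file is encrypted with SafeBoot Content Encryption"


def read_length(data, offset):
    """Decode an ASN.1 length; return (length or None if indefinite, next offset)."""
    first = data[offset]
    if first < 0x80:                      # short form
        return first, offset + 1
    count = first & 0x7F
    if count == 0:                        # BER indefinite length
        return None, offset + 1
    end = offset + 1 + count
    if count > 4 or end > len(data):
        raise ValueError("truncated or oversized length field")
    return int.from_bytes(data[offset + 1:end], "big"), end


def check_pfx(data):
    """Return (looks_like_pkcs12, reason) from the first few bytes of data."""
    if data.startswith(b"-----BEGIN"):
        return False, "PEM text, not binary PKCS#12"
    if len(data) < 7 or data[0] != 0x30:
        return False, "does not start with an ASN.1 SEQUENCE"
    try:
        length, body = read_length(data, 1)
    except ValueError as exc:
        return False, str(exc)
    if length is not None and body + length != len(data):
        return False, "SEQUENCE length does not match file size"
    if data[body:body + 3] != b"\x02\x01\x03":
        return False, "PFX version INTEGER 3 not found"
    if data[body + 3:body + 4] != b"\x30":
        return False, "authSafe ContentInfo SEQUENCE not found"
    return True, "outer structure matches PKCS#12 (PFX v3)"


if __name__ == "__main__":
    for name, blob in (("pfx", SAMPLE_PFX), ("banner", SAMPLE_BANNER),
                       ("truncated", SAMPLE_PFX[:-1])):
        print(name, check_pfx(blob))
```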