On Fri, Aug 21, 2009, Dave Thompson wrote: > > I assume you mean a .pfx file which is a PKCS#12. (That suffix has > also been used for other things which I don't think openssl supports.) > A PKCS#12 doesn't contain files as such; it contains pieces of data > you might reasonably put in files. In particular it usually contains > a private-key, which would make sense in a .pvk file. It usually also > contains at least one certificate, often a whole chain, but not > in PKCS#7 format, which is what I believe .spc usually means, > and AFAICS openssl has no 'app' function to build a PKCS#7. > (Only to operate on an existing one, and limited at that.) > You might see if whatever you want this data for can accept > one or several "plain" certs (typically .cer or .crt) each > in a file, or a concatenation of certs in a file, instead. > (In either DER or PEM formats; openssl can convert those.) >
To all intents and purposes PFX these days means PKCS#12. Only ancient versions of Netscape browsers use the obsolete "real PFX" format. OpenSSL can create PKCS#7 format files using the crl2pkcs7 utility. PVK files can be created using my PVK utility (see my homepage and PKCS#12 FAQ www.drh-consultancy.demon.co.uk) or by using OpenSSL 1.0.0 directly but you'd need to compile/install that. My guess is the OP is attempting to use MS code signing tools and is either reading my PKCS#12 FAQ or a derivative of it. If it is a derivative it may have missed out the most important point: you don't usually need SPC and PVK files you can import the PKCS#12 file using MSIE and use it with the -cn option. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
