Midori - 

Have been following this thread with some interest, as we generate PKCS12 certs 
commonly for use on Macs (work equally well on Windows, without issue). Will be 
happy to work through it with you, offering any help we can. 

We also are producing 2048-bit RSA keys to begin with, generate an x509 cert, 
then generate the PKCS12 cert from it: 
openssl pkcs12 -export -clcerts -inkey fubar.key -in fubar.crt -out fubar.p12 -name "Ferdinand Fubar"

One note of difference is that we use the 'name' option - does Mac require 
this? Dunno. But it works. 

All of this is produced on Solaris, and transferred without any further EOL or 
EOF futzing; works without issue. 

Please let us know how we can help. Always eager to help a fellow Mac user. 

Lou Picciano 

----- Original Message ----- 
From: "Midori Green" <midori.emer...@gmail.com> 
To: openssl-users@openssl.org 
Sent: Thursday, November 12, 2009 2:33:43 AM GMT -05:00 US/Canada Eastern 
Subject: PKCS12 import error into MacOSX keychain access 

I have been trying unsuccessfully to import a PKCS12 file created by openssl 
into the "keychain access" application for MacOSX. When I do, I always get 
the error: CSSMERR_CL_UNKNOWN_FORMAT 

Please note the following: 

* 2048 bit rsa private key, PEM encoded and encrypted with 3DES, and 
viewable with the following command: 

openssl rsa -inform PEM -in midori.key -text 

* X509v3 certificate, signed by a private CA, PEM encoded, and viewable with 
the following command: 

openssl x509 -inform PEM -in midori.cert -text 

* PKCS12 file created by the following command: 

openssl pkcs12 -export -inkey midori.key -in midori.cert -out midori.p12

and viewable (dumps RSA key+cert) with the following command: 

openssl pkcs12 -in midori.p12 -info 

Any suggestions on what I need to do to import my *EXISTING* RSA private 
key and certificate into Apple's MacOSX "keychain access" application? 
Thanks. 
______________________________________________________________________ 
OpenSSL Project http://www.openssl.org 
User Support Mailing List openssl-users@openssl.org 
Automated List Manager majord...@openssl.org 
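
An added example, not written by either poster: a shell script that runs the key, certificate and PKCS12 export sequence described in the reply, then checks that the certificate and private key inside the bundle belong together and that the friendly name set with -name is stored. The throwaway self-signed certificate, the test password and the function names make_p12 and check_p12 are assumptions for illustration.

```shell
#!/bin/sh
# Added example. Uses a throwaway self-signed certificate (assumption);
# the posters used CA-signed certificates and their own key files.

# make_p12 DIR NAME PASS: create fubar.key, fubar.crt and fubar.p12 in DIR.
make_p12() {
    dir=$1 name=$2 pass=$3
    # 2048-bit RSA key plus X.509 certificate; -nodes leaves the demo key
    # unencrypted, which is acceptable only for a throwaway test key.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$name" \
        -keyout "$dir/fubar.key" -out "$dir/fubar.crt" 2>/dev/null || return 1
    # Same export command as in the reply, with an explicit export password.
    # (pass: shows up in the process list; use it only for test values.)
    openssl pkcs12 -export -clcerts -inkey "$dir/fubar.key" \
        -in "$dir/fubar.crt" -name "$name" \
        -passout "pass:$pass" -out "$dir/fubar.p12"
}

# check_p12 FILE PASS NAME: 0 = ok, 1 = bundle unreadable,
# 2 = certificate and private key do not match, 3 = friendly name missing.
check_p12() {
    p12=$1 pass=$2 name=$3
    # Public key of the client certificate stored in the bundle.
    cert_pub=$(openssl pkcs12 -in "$p12" -passin "pass:$pass" \
        -clcerts -nokeys 2>/dev/null |
        openssl x509 -noout -pubkey 2>/dev/null) || return 1
    # Public key derived from the bundled private key (piped, never on disk).
    key_pub=$(openssl pkcs12 -in "$p12" -passin "pass:$pass" \
        -nocerts -nodes 2>/dev/null |
        openssl pkey -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ] || return 2
    # The -name value is stored as the friendlyName bag attribute.
    openssl pkcs12 -in "$p12" -passin "pass:$pass" -nokeys 2>/dev/null |
        grep -q "friendlyName: $name" || return 3
}

tmp=$(mktemp -d)
make_p12 "$tmp" "Ferdinand Fubar" "example-pass" &&
    check_p12 "$tmp/fubar.p12" "example-pass" "Ferdinand Fubar" &&
    echo "bundle is self-consistent"
rm -rf "$tmp"
```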
