Ashok Kumar wrote:
Occasionally someone suggests using a command such as:
openssl pkcs12 -export -out cacert.p12 -in cacert.pem -inkey cakey.pem
DO NOT DO THIS! This command will give away your CAs private key and
reduces its security to zero: allowing anyone to forge certificates in
whatever name they choose.
=====================================
May I know why openssl command behaves so?
why? because that command TELLS it to.
What's the alternative to import cert and key in any application using
openssl or any other tool?
well, to import a key, you don't use -export ...
'in any application using any tool' ? can't answer that.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
