> From: owner-openssl-us...@openssl.org On Behalf Of prasad kasthuri
> Sent: Thursday, 25 February, 2010 14:44
> To: openssl-users@openssl.org
> Subject: Need help on creating certs
> I am getting the following error while creating certs using openssl
> command. Please help me to create a cert using openssl.
> C:\OpenSSL\bin>openssl -inkey mykeyfile.pem -in -mycertfile.pem -out
myCert.p1
> -export
> openssl:Error: '-inkey' is an invalid command.
The first 'word' to the openssl commandline utility must be a command,
and as the error says -inkey is not a command.
If you have an input file named mycertfile.pem, you probably have
a cert in it, and are NOT creating one. That combination of input
and output files with -export would make sense for creating a
*PKCS12* (transport blob) *FROM* a cert and corresponding keypair.
If so, the command you want is "pkcs12". However naming a pkcs12
as ending in ".p1" is legal as far as OpenSSL is concerned, but
very misleading and quite likely to cause problems down the road.
If you actually want to *create* a cert you have several options
with OpenSSL. The simplest is to create a selfsigned cert with
"req -new (or -newkey+) -x509 +" (that is, the req command with
the -new or -newkey option, and the -x509 option, and other
options as appropriate. Alternatively you can create a CSR
(Certificate Signing Request) with "req" or with other software,
and generate a cert from it (more than just signing, despite
the name) with "x509 -req +" or also record/manage it with "ca +".
Each of these has a number of options (slightly different!)
as to various important fields that go into the (CSR and) cert.
You need to give more detail about what you are doing.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
