On Mon, Sep 20, 2010 at 02:42:08PM +0400, Sergey Sedov wrote:
> Hi,
>
> My ISP provides to me .p12 file containing certs for using TLS for wifi
> connection.
> I can install it under Windows and use it.
> But when I try to install it under Linux I have some troubles.
> NetworkManager wants 3 certs to setup TLS for wifi connection.
> I can extract User cert and Private Key, but can't extract CA Cert.
> The output file after using this command has zero length:
> openssl pkcs12 -in example.p12 -out cacert.pem -cacerts -nokeys
> So, I suppose that there is no CA Cert in this .p12 file.
> Is there any other way to obtain CA Cert for this ISP or to cheat
> NetworkManager?
> Why it works under Windows?
Windows has a large number of root and intermediate CA certificates
installed in its (root and intermediate) CA stores.
If you look at the leaf cert, it will list the issuing CA in the "issuer
DN" field, and likely also in an X.509v3 extension that specifies
the issuer key identifier. You can use that to find the correspoding
(intermediate) certificate in the Windows CA store, and from there walk up
the tree to the root CA.
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
