> From: owner-openssl-us...@openssl.org On Behalf Of Kannan J
> Sent: Thursday, 09 December, 2010 13:19
> [Created .p12 using]
> D:\>openssl pkcs12 -export -out MSCACertificateBundle.p12
> -inkey MSCAPrivateKey.pem -in MSCACertificate.cer
> When I try to read the Certificate using the below java code,
> it fails to find the certificate against the alias (which happens to be
"1").
> I'm attaching the certificate, key and the p12 bundle. Please advice.
It appears SunJSSE (at least 6u20, which is what I have at hand)
can't handle pkcs12 with empty password (as yours has).
getEntry with null throws UnrecoverableKey "requires password"
but getEntry with (PasswordProtection containing) empty password
or getKey throws nested(?) zerodiv, and getCertificate returns null.
(load with empty gives IOException "failed to decrypt" with stack
and clearly nested zerodiv in several levels of PBECipherCore*.)
And keytool gives no error message but says it is a SecretKey
(and sometimes with wrong alias!) which is crazy.
Likely somebody wrote catch clauses without thinking enough.
With a nonempty password not used in load, getKey with password works,
but getCertificate again returns null and getEntry throws NullPointer
(according to debugger, in a constructor that got a null certificate).
With a nonempty password used in load, getCertificate works;
try that. Then getEntry or getKey with password also work.
I didn't have time to go through mixtures (empty MACkey
nonempty exchangekey or vice versa). You might if you care.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
