> From: owner-openssl-us...@openssl.org On Behalf Of Zico
> Sent: Sunday, 10 April, 2011 01:18
> Hi, I am trying to convert my one pem file to pkcs12 format
> using the command, but I am getting the error:
> "No certificate matches private key"
> I am using the command:
> openssl pkcs12 -export -in filename.pem -inkey
ds.server.info_privatekey.pem
> -out outfile.pkcs12 -name alias
> Here: 1. filename.pem --> concatenated file of "certificate" and
"RSA private key"
> 2. ds.server.info_privatekey.pem --> the privatekey file
> 3. outfile.pkcs12 --> the desired output file.
Aside: If the "-in" file contains both the cert and the privatekey,
you don't need to provide "-inkey" in addition.
But the error is that the cert and privatekey don't match.
At least one of these files is not what you think it is.
Basic things first: make sure you're in the correct directory,
and have the correct version(s) of the files -- did you perhaps
try more than once to generate and/or obtain a cert?
If Unix, make sure no filename is a symlink to the wrong place.
Is there more than one cert in "filename.pem"? Perhaps you
put the whole chain in there? Try making sure the entity cert --
the one for the key -- is first, or perhaps better only.
Is the cert correctly marked with BEGIN and END lines?
Try openssl x509 -in (certfile.pem) -noout -text
and openssl rsa -in (privkey.pem) -noout -text
and look at the modulus for each. They should match.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
