Ok, so I know this isn't strictly an OpenSSL question, so I apologize - but I'd 
guess someone here knows the answer, or can direct me to the correct resource. 
[I've done a lot of searches, but no real luck.]

I'm trying to import both a private key and certificate generated with OpenSSL 
into a Windows client. [Let's assume Win7 and 8]
It looks like p12 files are probably the best way to go. [Glad to stand 
corrected, but that's what it looks like to me.]

So, I've cranked out a p12 file [converted from separate PEM files, also 
initially generated with OpenSSL] with the client-private-key and client-cert 
inside.
(Like so: openssl pkcs12 -keypbe aes-256-cbc -export -inkey infile.key -in infile.crt -out outfile.p12)

I initially tried encrypting it with "-keypbe aes-256-cbc" - however Windows 
barfs on it. [This should encrypt the p12 with AES-256, I think.]


I did it again, using "-descert" [which, AFAICT should encrypt with 3DES] 
(Like so: openssl pkcs12 -descert -export -inkey infile.key -in infile.crt -out outfile.p12)

Windows likes this second one.

While 3DES is probably "good enough" - I'd rather use AES-256.

So the root of my question is:
1) What formats can Windows [7/8] accept? [Pointers somewhere would be good - 
google didn't help me find much.]
2) Is there some reasonable way to generate/convert the key/cert using OpenSSL, 
to use something better than 3DES that Windows will accept?

TIA for any light you can shed on the situation.

[I have similar questions about OSX - so if you have data about OSX that would 
be handy too. However, OSX isn't as critical to me at the moment, so I'm not as 
exercised about it. :) ]

-Greg
