liug <[EMAIL PROTECTED]> wrote: > Nelson B. Bolyard <[EMAIL PROTECTED]> wrote: >> liug wrote: >>> >>> How can I use the NSS tools to convert a openssl generated >>> key pem file to netscape key3.db ?
>> I believe there is some OpenSSL program that will create a .p12 file >> (a.k.a "PFX" file) from your key/cert. Mozilla can import the .p12 file. > ok, here is what I did: > 1) combine the key/cert pair in test2.pem > 2) convert the pem to p12 format > openssl pkcs12 -export -name Server-Cert -in test2.pem -out test2.p12 > 3) verify the "test2.pl2": > openssl pkcs12 -in test2.p12 -nodes > all looks fine, both key and cert. > (all bag attributes are there) > 4) now try to import it (I already have key3.db and cert7.db created). > pk12util -i test2.p12 -d . > it gives: > pk12util: PKCS12 decode validate bags failed: The user pressed cancel. btw, the reverse works perfectly. I was able to convert iplanet6 webserver to apache by exporting key/cert to pk12, and then use openssl to convert pk12 to pem that apache uses. it seems netscape makes it easy to people to move away :) frank
