nospam wrote:
> I'm using linux, and failing to create key pairs for mozilla. The
> problem is that I have yet to figure out the right way to use the
> openssl tools for creating a key pair in the pkcs12 that mozilla will
> import.

Mozilla expects the PKCS12 file to contain a private key and an X.509
public key certificate that contains the corresponding public key.
That doesn't sound like what you described. Mozilla can't use a bare
pair of RSA keys (to authenticate to a web site) without the public key
certificate that contains the public key.

> I need to create a key pair, and send a public key to be signed
> by a private web site in order to access the site.

The process you describe sounds almost exactly like the process of
generating and sending a "certificate signing request" (CSR), which
results in you getting an X.509 certificate with your public key in it.

> Do I start with the
> creation of an rsa key pair like I would with apache, and then create a
> request to sign from that?

Well, that is the general description of the process of creating a CSR.
So, yes, those are the steps taken, but the specifics must be just right.

> Or do I somehow convert it to pkcs12 after the rsa pair?
> Or do I start directly with a pkcs12 and send the public key to be signed?

You'd make a PKCS12 file AFTER you've gotten the certificate for the
public key. The PKCS12 file would contain the certificate and the
private key.

> Every variation I've tried from the man pages and docs I end up with a
> 0-byte file. Is it even possible for an individual to
> use openssl to create a personal key pair that mozilla can import?

This is the wrong place to ask for help with OpenSSL. OpenSSL is the
competition to mozilla. One doesn't ask questions about a Mercedes in
a newsgroup dedicated to discussing Porsche automobiles, and vice versa.

But the bigger question is this: Mozilla is quite capable of generating
its own RSA key pairs, requesting certificates for them, importing those
certificates, exporting the key and cert in a PKCS12 file (if desired)
and using the key and cert for client authentication. So, why do you
want to get OpenSSL involved?

--
Nelson B
_______________________________________________
mozilla-crypto mailing list
http://mail.mozilla.org/listinfo/mozilla-crypto
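
The order of steps described in the reply above (key pair, CSR, certificate, and only then PKCS12), as an added example using the OpenSSL command line; it is not part of the original message. The file names, subject names, passphrase and the throwaway "Demo Site CA" standing in for the private web site's signer are assumptions constructed for the demonstration.

```sh
#!/bin/sh
# Added example. All names, subjects and passphrases are constructed.
set -eu

# make_client_p12 DIR PASSPHRASE: writes DIR/client.p12
make_client_p12() {
    d=$1; pass=$2
    # 1. RSA key pair; the private key stays on this machine.
    openssl genrsa -out "$d/client.key" 2048 2>/dev/null
    # 2. CSR: the public key plus requested subject, signed with the
    #    private key. This file is what gets sent to the site.
    openssl req -new -key "$d/client.key" -subj "/CN=Example User" \
        -out "$d/client.csr"
    # 3. Stand-in for the site's signer (assumption: a throwaway CA).
    #    In practice the site operator does this and returns client.crt.
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/ca.key" \
        -subj "/CN=Demo Site CA" -days 30 -out "$d/ca.crt" 2>/dev/null
    openssl x509 -req -in "$d/client.csr" -CA "$d/ca.crt" \
        -CAkey "$d/ca.key" -CAcreateserial -days 30 \
        -out "$d/client.crt" 2>/dev/null
    # 4. Only now bundle certificate + private key into PKCS12.
    #    (pass: on the command line is for the demo; omit -passout
    #    to be prompted instead.)
    openssl pkcs12 -export -inkey "$d/client.key" -in "$d/client.crt" \
        -certfile "$d/ca.crt" -name "Example User" \
        -passout "pass:$pass" -out "$d/client.p12"
}

# key_matches_cert DIR: true if client.crt carries client.key's public key
key_matches_cert() {
    k=$(openssl pkey -in "$1/client.key" -pubout | openssl sha256)
    c=$(openssl x509 -in "$1/client.crt" -noout -pubkey | openssl sha256)
    [ "$k" = "$c" ]
}

# p12_ok DIR PASSPHRASE: non-empty file whose MAC verifies and that
# contains a certificate
p12_ok() {
    [ -s "$1/client.p12" ] &&
    openssl pkcs12 -in "$1/client.p12" -passin "pass:$2" -nokeys \
        2>/dev/null | grep -q "BEGIN CERTIFICATE"
}

workdir=$(mktemp -d)
make_client_p12 "$workdir" "demo-passphrase"
key_matches_cert "$workdir" && p12_ok "$workdir" "demo-passphrase" &&
    echo "importable bundle: $workdir/client.p12"
```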
