Jean-Marc Desperrier wrote:
nospam wrote:
I already searched there. I found information that was useful in setup
of Apache with mod_ssl, but nothing useful either on their web site or
in their docs that would let me complete a pkcs12 version for
browsers...it's like the ability is there, but nobody has ever asked,
so there are no examples.
Oh, really ?
http://www.openssl.org/docs/apps/pkcs12.html
http://www.drh-consultancy.demon.co.uk/pkcs12usg.html
First, I was citing openssl docs, so I did not have the drh url
available. Now within openssl.org docs, I found this to be fragmented
and incomplete. To quote the part you are probably looking at:
/////////////
EXAMPLES
Parse a PKCS#12 file and output it to a file:
openssl pkcs12 -in file.p12 -out file.pem
/////////////
...chicken and egg...where do I get the p12 file to start with?
////////////
Output only client certificates to a file:
openssl pkcs12 -in file.p12 -clcerts -out file.pem
////////////
...chicken and egg dilemma...where do I get the p12 file to start?
//////////
Print some info about a PKCS#12 file:
openssl pkcs12 -in file.p12 -info -noout
//////////
... chicken and egg...I don't have a p12 file yet.
//////////
Create a PKCS#12 file:
openssl pkcs12 -export -in file.pem -out file.p12 -name "My Certificate"
///////////
...I don't have a pem file, and I'm rather new at this...I know what the
public and private keys are, I know what a signing is...is a pem file
equivalent to something else? Why can't they just say so?
/////////
Include some extra certificates:
openssl pkcs12 -export -in file.pem -out file.p12 -name "My Certificate" \
-certfile othercerts.pem
/////////
...same as above...I don't know how they generate the pem file.
The docs are nice factoids, but are not "newbie" level docs. In order to
understand the sample commands given there, I pretty much have to
already understand the commands that fulfill prerequisites.
Don't read too much into that though, I'm not trying to be negative. I'm
just saying I have failed, and that a bit more information in the docs
would have prevented that failure.
_______________________________________________
mozilla-crypto mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-crypto
