Dear openssl-bugs,
I am not sure, if I found bug in openssl, but I cannot solve some problems,
please help me.
For testing purposes of my project I need to generate some certificates
and corresponding private keys in pkcs12 format. I need
import these key sets to Outlook.
I was looking for CA, which is able to generate it for me and from
one CA I have web link to Your software.
>From second CA I got pkcs12 files, which has same bug as I have found
(all files You will find in attached zip files).
OpenSSL details:
OpenSSL 0.9.4 09 Aug 1999
built on: date not available
platform: information not available
options: bn(64,32) md2(int) rc4(idx,int) des(idx,cisc,4,long) idea(int)
blowfish(idx)
compiler: information not available
Operating System Details:
Windows NT 4.0 Workstation build 1381 Service Pack 5 (i386 version)
Internet Explorer 5 (5.00.2314.1003)
Signcode for IE5
Compiler Details
Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 12.00.8168 for 80x86
from Visual C++ 6.0 with Service pack 3
Application Details
Certificate Manager ver. 5.131.1863.1 (CERTMGR.EXE)
Problem Description:
Pkcs12 file generated by openssl is not possible to import to Windows.
Certificate manager does import. When I import pkcs12 file, I get
error message (from Certificate manager import wizard):
"The input information is invalid."
Of course, nothing is imported. However, this message is showed only for
pkcs12 file with DSA keys. File containing RSA keys is possible import
without any problem.
Following commands generates all files:
dsaparam -outform PEM 1024 -out DSAparam.pem
req -new -newkey dsa:dsaparam.pem -sha1 //saved in req.txt
ca -msie_hack -in req.txt -out sign.txt
pkcs12 -export -keysig -inkey privkey.pem -in sign.txt -out
c:\temp\martin.pfx
x509 -in sign.txt -out c:\temp\martin.der -outform DER
(as PEM pass phrase and Export Password was used string 'password')
I tried another switches, but without any success. Currently I am not sure,
if it is bug in openssl or in Windows. It is interesting, I am able to
import
martin.der file. As CA I used SSLeay demo server. All generated files You
will
find in files.zip.
I have another set of files from CA, with same error on import. I think,
this CA use openssl or ssleay (files are in swh.zip, export password
for pkcs12 files is '1111').
Well, if You know something about described problem, please help and let
me known about fix.
Thank and best regards
Martin
Files.zip
Swh.zip
