Your private key is in the file 'user.key', which you have specified by
passing the argument '-out user.key' to the genrsa command.

Your certificate, stored in 'user.crt', does not contain the private key,
hence the name "public-key certificate", but the PFX you create
('user.pfx') using the pkcs12 command will. The phrase "if I need the
[certificate] in pkcs12 format" is a bit misleading, as pkcs12 isn't a
certificate format per se, but rather a format used to transport and
store both private keys and certificates.

//oscar

> Sarath Chandra M wrote:
> 
> Hi,
> I am generating client certificates using this method at the openssl
> server:
> 
> openssl genrsa -des3 -out user.key 1024
> openssl req -new -config openssl.cnf -key user.key -out user.csr
> openssl ca -config openssl.cnf -cert CA.pem -in user.csr -keyfile CA.key -out user.crt
> 
> After this, I am exporting the user.crt to the browser for that user.
> It's working fine. Now, I would like
> to know where the private key of the user is ?
> I am using the user.crt to put it in the user entry in the ldap
> server. Does this user.crt contain
> client's private key also ?
> 
> If I need the user.crt in pkcs12 format, I use
> openssl pkcs12 -export -in user.crt -inkey user.key -out user.pfx
> 
> Anything wrong with this export ? Does it contain the private key ?
> 
> I am doing all these without proper knowledge of openssl. Half
> knowledge is dangerous. But I can't
> help it now. So kindly bear with me if there's anything stupid in the
> method above.
> 
> thanx and regards
> sarath
>
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
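
A check for the point made in the reply above, added here as an example that is not part of the original mail: it reports which of user.key, user.crt and user.pfx carries a private key, which is worth confirming before a file is published to a directory such as LDAP. Assumptions: the function names `has_private_key` and `demo` are hypothetical, a self-signed certificate stands in for the CA-signing step (no CA.pem, CA.key or openssl.cnf is available here), the key is 2048 bits with no passphrase so the script runs unattended, and the PFX password `constructed` is a throwaway value.

```shell
#!/bin/sh
# Added example: which of the three files holds private key material?

# has_private_key FILE [PFX_PASSWORD]
# Returns 0 if FILE holds a private key, either as a PEM block or inside
# a PKCS#12 container; returns non-zero otherwise.
has_private_key() {
    f=$1
    pw=${2:-}
    # PEM: covers "RSA PRIVATE KEY", "PRIVATE KEY" and "ENCRYPTED PRIVATE KEY".
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f"; then
        return 0
    fi
    # PKCS#12: ask for key bags only; the output goes to a pipe, never to disk.
    openssl pkcs12 -in "$f" -nocerts -nodes -passin "pass:$pw" 2>/dev/null |
        grep -q -e 'PRIVATE KEY-----'
}

# demo: build constructed sample files in a temp dir and classify each one.
demo() {
    d=$(mktemp -d) || return 1
    out=$(
        cd "$d" || exit 1
        # No -des3 here (assumption) so no passphrase prompt appears.
        openssl genrsa -out user.key 2048 2>/dev/null || exit 1
        # Self-signed stand-in for the "openssl ca" step in the mail.
        openssl req -new -x509 -key user.key -subj '/CN=constructed-user' \
            -days 1 -out user.crt 2>/dev/null || exit 1
        openssl pkcs12 -export -in user.crt -inkey user.key \
            -passout pass:constructed -out user.pfx || exit 1
        for f in user.key user.crt user.pfx; do
            if has_private_key "$f" constructed; then
                printf '%s=yes ' "$f"
            else
                printf '%s=no ' "$f"
            fi
        done
    )
    rc=$?
    rm -rf "$d"
    echo "${out% }"
    return $rc
}

demo
```

Only user.crt comes back as `no`, so it is the one file of the three that is safe to hand out or store in a user's directory entry.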