Sadir Al-khafaji wrote:
>
> openssl x509 -req -in new.cert.csr -out client.cert.cert -signkey Ca.key
> -CA saal-rsa.crt -CAkey Ca.key -CAcreateserial -days 365
> Signature ok
> subject=/C=SE/ST=na/L=na/O=na/OU=na/CN=foo.com/Email=na
> Getting Private key
> Getting CA Private Key
First problem you are using conflicting arguments. -signkey turns a
request into a self signed certificate and -CA signs it as a CA. Don't
use the -signkey argument.
> and it was ok then i was going to export it to pkcs12 and this is what i
> have got
>
> openssl pkcs12 -export -in saal-rsa.crt -inkey privkey.pem -name "Test"
> -caname "Test CA" -certfile new.cert.cert -out mycert.p12
> Enter PEM pass phrase:
> No certificate matches private key
If you are using OpenSSL 0.9.4 this has been known to happen. Try 0.9.5.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
