I don't know what CA.pl -pkcs12 does nor what it does expect. Anyway, if
you simply need to create a PKCS12 file to import in netscape you need
at least the file containing the private key (say for example
newkey.pem) and the one with your certificate (say newcert.pem). If you
also have your CA certificate file in, say, cacert.pem you can put in
one PKCS12 file altogether by doing:
$>openssl pkcs12 -export -out mycerts.p12 -in newcert.pem -inkey
newkey.pem -certfile cacert.pem
you will be asked for the private key encryption passphrase first, and
then for a new passphrase to protect the PKCS12 package. It will create
the file mycerts.p12 containing all the things you need.
Switch to netscape and import everything selecting mycerts.p12. You will
be asked the passphrase protecting the package and the one protecting
netscape's key repository, I don't remember in whitch order at the
moment, pay attention to message boxes title. Netscape will import your
certificate and private key and, more, your CA certificate. Remember to
grant rights to your CA to let it verify your client certificate.
It seems difficult but it's not so.
bye
Pietro
> Hi,
> can you help me ?
> I have created the certificate using openssl.0.9.5a
> by the following commands.
> CA.pl -newreq
> CA.pl -signreq
>
> I have converted in to pkcs12 format by doing the following
> I have copied the private key from the file newreq.pem
> in to newcert.pem
> cacert.pem is in ./demoCA
> After that I have given the command
> CA.pl -pkcs12 "My Certificate"
> I have got the newcert.p12
>
> I couldn't import my certificate (newcert.p12) in Netscape 4.7
> I have got the following message after entering the passphrase
> Unable to import certificates.The file specified is either corrupt
> or is not a valid file.
>
> Regards
> Vimalan.G
>
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]