I am trying to get stunnel to work with a signed user certificate that
netscape will use. I've gotten a trial 60-day certificate from
Verisign which I've exported from netscape to a .p12 file. I'm trying
to convert it to a .pem file so that I can use it with stunnel.
The command "openssl pkcs12 -in qtest.p12 -noout -info" gives
MAC Iteration 1
MAC verified OK
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 1
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 1
Certificate bag
Certificate bag
Certificate bag
However, an attempt to convert as follows:
openssl pkcs12 -in qtest.p12 -out qtest.pem
results in
MAC verified OK
Error outputting keys and certificates
26330:error:06065064:digital envelope routines:EVP_DecryptFinal:bad
decrypt:evp_enc.c:243:
26330:error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal
error:p12_decr.c:95:
26330:error:2306A075:PKCS12 routines:PKCS12_decrypt_d2i:pkcs12 pbe crypt
error:p12_decr.c:121:
This output came from openssl 0.9.5a, but I've tried with 0.9.6 with
the same results. I've build openssl with ./configure accepting
whatever its defaults are.
Any suggestions? I'm not subscribed to openssl-users. I've checked
the archives and the pkcs12 manual page to no avail. Thanks for any
help you can provide.
--
E. Jay Berkenbilt <[EMAIL PROTECTED]>
http://www.ql.org/q/
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
