Hi All, I am new to this mailing list. Maybe this is a FAQ but I couldn't find an answer from..
I have my own CA (for servlet developping purpose) and created a client cert, named "usercert.pem" and "userkey.pem", signed by the CA's cert. From these files, I created a PKCS#12 format cert file with: # openssl pkcs12 -export -in usercert.pem -inkey userkey.pem \ -out user.p12 The "user.p12" is importable for IE5.x, IE6, and Netscape 4.x. But not for Netscape 6. Actually, Netscape 6 has no "import a certification" dialog/menu or something like that, it has certificate backup/restore button instead. I used "restore" button to import the "user.p12", but Netscape 6 said that failed restoring the "user.p12" :-< So, followings are what I did for using the "user.p12" in Netscape 6: 1. Import the "user.p12" into Netscape 4.x. 2. Export the certificate from Netscape 4.x, named "userX.p12". 3. Restore the "userX.p12" into Netscape 6 via the "restore" button. Dose anyone know proper openssl command line option(s) to create a "Netscape 6 importable" PKCS#12 certificate ? Any informations are welcome. FYI, following is result of "openssl pkcs12 -info -in userX.p12", hope this might help.. -------------------- start -------------------- MAC Iteration 1 MAC verified OK PKCS7 Data Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 1 Bag Attributes friendlyName: Heita localKeyID: .... SNIP .... Key Attributes: <No Attributes> Enter PEM pass phrase: Verifying password - Enter PEM pass phrase: -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC, .... SNIP .... .... SNIP .... -----END RSA PRIVATE KEY----- PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 1 Certificate bag Bag Attributes friendlyName: Heita localKeyID: .... SNIP .... subject=/C=JP/ .... SNIP .... issuer= /C=JP/ .... SNIP .... -----BEGIN CERTIFICATE----- .... SNIP .... -----END CERTIFICATE----- -------------------- end -------------------- Regards, --- m-hirano ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]