Hi,
I am
generating client certificates using this method at the openssl
server:
openssl genrsa -des3 -out user.key
1024
openssl req -new -config openssl.cnf -key user.key -out
user.csr
openssl ca -config openssl.cnf -cert
CA.pem -in user.csr -keyfile CA.key -out
user.crt
After this, I
am exporting the user.crt to the browser for that user. Its working fine.
Now, I would like
to know where the
private key of the user is ?
I am using the
user.crt to put it in the user entry in the ldap server. Does this user.crt
contain
client's private
key also ?
If I need the
user.crt in pkcs12 format, I use
openssl pkcs12
-export -in user.crt -inkey user.key -out
user.pfx
Anything wrong
with this export ? Does it contain the private key
?
I am doing all
these without proper knowledge of openssl. Half knowledge is dangerous. But I
can't
help it now. So
kindly bear with me if there's anything stupid in the method
above.
thanx and
regards
sarath
