Hi, I've created a root cert with CA.pl and I'm trying to create a pkcs12 file with just the public portion, for inclusion in browsers. I try the following:
openssl pkcs12 -export -nokeys -in demoCA/cacert.pem -out foo.pfx and I get: 31627:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:662:Expecting: ANY PRIVATE KEY Ok, I don't mind supplying the private key as long as it doesn't appear in the output: openssl pkcs12 -export -nokeys -in demoCA/cacert.pem -inkey demoCA/private/cakey.pem -out foo.pkfx But it seems like it ignores "-nokeys" in this instance. Unfortunately I think the private key is present in the resulting files. Adding -cacerts doesn't seem to help either. Is this a bug in pkcs12 or I am just going about things the wrong way? skd ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
