On Tue, Jul 08, 2003 at 05:24:09PM +0200, Whitaker, Andrew wrote: > Hi Christian, > > Thanks for you time. > > Yes you are correct, all I want to do is have a PKCS12 structure and push it into a > DER format for use with some EAI server applications. It only takes DER files and > hence we need some conversion to get it in. What is the best way whilst retaining > as much info as in the original PKCS12 file.
IExplorer exports pkcs12-certificates in DER format and calls it *.p12 or *.pfx AFAIK there is no PEM format for pkcs12. (also there is no PEM-STRING in pem.h) Regards Christian > > Regards, > > Andy. > > > > -----Original Message----- > From: Christian Hohnstaedt [mailto:[EMAIL PROTECTED] > Sent: 08 July 2003 16:07 > To: [EMAIL PROTECTED] > Subject: Re: PKC12 to PEM to DER > > > Hi Andrew, > > the pkcs12 utility writes the Certificate(s) and the key separated into one file > the (3) only reads the first x509 structure and writes it in DER format (-outform > DER) > but doesn' t look at the rest of the file. > > You can use "cut&paste" to edit the pkcs12 output into several files. > > the final question for me actually is: What do you want to do ? > > have a PKCS12 structure in DER format ? pull the key ot of a PKCS12 ? > > Regards > Christian > > > On Tue, Jul 08, 2003 at 12:45:01PM +0200, Whitaker, Andrew wrote: > > Hi Christian, > > > > I think I'm almost there. Thanks for the detail on certificate verification and > > by the way my IE error was just me trying to convert a pem file using the rsa > > instead of x509. anyway could you possibly assist with hopefully one final thing > > :-) > > > > My situation: > > > > 1)I have a client certificate in IE6 which I've exported into PKCS12 (with private > > key). > > 2)I used the openssl pkcs12 util to push this into PEM format. > > 3)Then used the x509 util to convert from PEM to DER. > > 4)The DER file looks fine and can be used ok. However it doesn't appear to have > > the private key inside. > > a) I've done a -nout -text and couldn't see any mention > > b) Nor when I import it into IE6 it doesn't come up with the (You have a > > private key that corresponds to this certificate). > > c) I know I'm stupid :-) > > > > Question: > > 1)How do I tell whether the private key has been pushed into the PEM/DER formats? > > 2)Should I be able to see any reference to the private keys in a x509 -nout -text > > command? > > > > Regards, > > > > Andy. > > > > > > -----Original Message----- > > From: Christian Hohnstaedt [mailto:[EMAIL PROTECTED] > > Sent: 07 July 2003 13:52 > > To: [EMAIL PROTECTED] > > Cc: Whitaker, Andrew > > Subject: Re: PKC12 to PEM to DER > > > > > > Hello Andrew, > > > > On Mon, Jul 07, 2003 at 02:17:38PM +0200, Whitaker, Andrew wrote: > > > > I have recently installed openssl package with the installation of cygwin. I > > > > have used the openssl util to: > > > > > > > > 1) Pkc12 to PEM - this is successful. I have tested with the command (cat > > > > ca-certificate-file | grep -E 'BEGIN.* CERTIFICATE' | wc -l) and verified it > > > > has a valid certif inside. > > > > 2) PEM to DER - this appeared to be successful showing no errors. When > > > > running the above commnad on the output DER file it comes back with 0. ie > > > > nothing. Also at a file level the Iexplorer app also indicates the > > > > certificate is invalid. > > > > the command above only finds the PEM header "----- BEGIN CERTIFICATE-----" > > since DER does not have it, the command must fail. > > > > elaborate: "the Iexplorer app also indicates the certificate is invalid." > > > > > > > > > > > > Question - Are there any obvious issues surrounding conversion from PEM-DER > > > > and/or have I missed something obvious. Apologies if it RTFM. > > > > PEM is the base64-encoding of the DER encoded file with additional Headers and > > footers > > > > Regards > > Christian > > > > > > > > > > Regards, > > > > > > > > Andrew. > > > > > > > > Andrew Whitaker > > > > > > > > Technology Consultant > > > > SAP (UK & Ireland) Limited > > > > Clockhouse Place, > > > > Bedfont Road, Feltham > > > > Middlesex, TW14 8HD > > > > > > > > T +44 (0) 20 8917 6887 > > > > F +44 (0) 20 8917 6433 > > > > M +44 (0) 7808 575 887 > > > > E [EMAIL PROTECTED] > > > > > > > > www.sap.com/uk/ <www.sap.com/uk/> > > > > > > > > > > > > > > > > > > > > > > ______________________________________________________________________ > > OpenSSL Project http://www.openssl.org > > User Support Mailing List [EMAIL PROTECTED] > > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
