On Tue, Jun 29, 2004, Pierre Sengès wrote: > Hello > > I'm newbie to openSSL. I'm trying to create a pkcs12 file with Win32 OpenSSL 0.97d. > I've generated a CSR with keytool. I got my cert file generated by a CA and a > private key file (generated by keytool). > The following command : > > OpenSSL> pkcs12 -export -inkey domain.key -in domain.crt -out domain.pkcs12 > > make the following error : > > Loading 'screen' into random state - done > unable to load private key > error in pkcs12 > > Most posts i've read about this error talk about 0.96 bug. But i'm in 0.97 ... > I've not found in openssl.cnf definition of private key location ... but i think it > must be in same directory that crt file ? ( {openssl-install-dir}/bin exactly ...) > > Can it come from a bad private key format ? >
Yes its probably that the file domain.key isn't in the expected (PEM) format. If that is the case you should convert it first. I believe keytool may use PKCS#8 format in binary (DER) format in which case: openssl pkcs8 -inform DER -nocrypto -in domain.key -out key.pem should work. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]