On Tue, Jun 29, 2004, Pierre Sengès wrote:
> Hello
>
> I'm newbie to openSSL. I'm trying to create a pkcs12 file with Win32 OpenSSL 0.97d.
> I've generated a CSR with keytool. I got my cert file generated by a CA and a
> private key file (generated by keytool).
> The following command :
>
> OpenSSL> pkcs12 -export -inkey domain.key -in domain.crt -out domain.pkcs12
>
> make the following error :
>
> Loading 'screen' into random state - done
> unable to load private key
> error in pkcs12
>
> Most posts i've read about this error talk about 0.96 bug. But i'm in 0.97 ...
> I've not found in openssl.cnf definition of private key location ... but i think it
> must be in same directory that crt file ? ( {openssl-install-dir}/bin exactly ...)
>
> Can it come from a bad private key format ?
>
Yes its probably that the file domain.key isn't in the expected (PEM) format.
If that is the case you should convert it first. I believe keytool may use
PKCS#8 format in binary (DER) format in which case:
openssl pkcs8 -inform DER -nocrypto -in domain.key -out key.pem
should work.
Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
