> From: owner-openssl-us...@openssl.org On Behalf Of
narendra.ku...@thomsonreuters.com
> Sent: Tuesday, 18 August, 2009 05:44
> I have installed Win32OpenSSL-0_9_7m.exe. am unable to proceed
further on
> how to extract the spc and pvk files from the pfx file I have.
I assume you mean (originally?) from Shining Light (www.slproweb.com).
0.9.7m is WAY old. As long as you're installing now, you might as well
install current or at least recent 0.9.8.
> It would be of great help if any suggestions are provided; I don't
see
> any utility listed for OpenSSL in my programs list as well.
> Where should I enter the command line "openssl.." To extract spc
and pvk files
The installer doesn't put it in your "start" menu, probably because
it's a console program and that's not usually done for console programs.
Like any (reasonable) Windows executable you can:
- in a console/CMD window, set current directory to
x:\whereveryouinstalled\bin
then give command openssl (or openssl.exe if you want to be explicit).
Unlike Unix shells which must be told to put dot in PATH (and in some
situations
you don't want to, it's bad practice) Windows always includes it
automatically
(and in those same cases where it's a bad idea, tough noogies). This will
make
it less convenient to access your data files, which should be somewhere
else.
- in a console anywhere, use the full pathname x:\wherever\bin\openssl[.exe]
.
Surround pathname by double-quotes if it includes space, which is common,
or other special character such as ampersand, which is somewhat rarer.
In particular it's convenient to do this from the directory where your data
is.
- Start / Run and type the full pathname (quotes allowed but not required);
note in this case the current directory will be your 'user' directory,
_up a level_ from your My-Documents etc., which is usually inconvenient.
- in a console do PATH x:\wherever\bin;%PATH% to add it to your PATH
for that CMD instance only, then openssl[.exe] . Note PATH items
are separated by semicolon on Windows, versus colon on Unix.
- permanently add x:\wherever\bin to your PATH in ControlPanel / System
(or rightclick-MyComputer/Properties) in Advanced / EnvironmentVariables,
then openssl[.exe] in a console (started AFTER the change) or Start / Run .
In ControlPanel since at least 2k you can put any envvar setting, including
PATH, for your userid only or for all users; but on most personal computers
there is only one real user (hence the name) and this doesn't really matter.
As above Start / Run will put you in a probably inconvenient directory.
- add it to your Start menu by (explicitly) creating a shortcut under
c:\docs&settings\$useryou\start-menu[\programs[\group]] or
c:\docs&settings\all-users\start-menu[\programs[\group]] as desired.
On Vista it's in c:\Users and buried more deeply under AppData\Roaming.
This area can be accessed directly by
rightclick-Start/{Open,Explore}[AllUsers].
The installer does create a group for some (GUI) items under all-users
(maybe not on Vista?) so you might reasonably want to put it there.
By default a new shortcut will set current directory to that
containing the program, which as above should be inconvenient;
you can alter it by rightclick/Properties or File / Properties
in "Start in"; I think you need to doublequote space/special here.
You can put commandline arguments in the "Target" line, but
then you have to edit the shortcut every time to change them;
if you don't put args, openssl-commandline will prompt interactively
(also in the other methods above, but there you can do args easily).
- create a shortcut anywhere else convenient, such as on the desktop.
Otherwise same capabilities/limitations as a start-menu shortcut.
I assume you mean a .pfx file which is a PKCS#12. (That suffix has
also been used for other things which I don't think openssl supports.)
A PKCS#12 doesn't contain files as such; it contains pieces of data
you might reasonably put in files. In particular it usually contains
a private-key, which would make sense in a .pvk file. It usually also
contains at least one certificate, often a whole chain, but not
in PKCS#7 format, which is what I believe .spc usually means,
and AFAICS openssl has no 'app' function to build a PKCS#7.
(Only to operate on an existing one, and limited at that.)
You might see if whatever you want this data for can accept
one or several "plain" certs (typically .cer or .crt) each
in a file, or a concatenation of certs in a file, instead.
(In either DER or PEM formats; openssl can convert those.)
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
