> From: owner-openssl-us...@openssl.org On Behalf Of narendra.ku...@thomsonreuters.com > Sent: Tuesday, 18 August, 2009 05:44
> I have installed Win32OpenSSL-0_9_7m.exe. am unable to proceed further on > how to extract the spc and pvk files from the pfx file I have. I assume you mean (originally?) from Shining Light (www.slproweb.com). 0.9.7m is WAY old. As long as you're installing now, you might as well install current or at least recent 0.9.8. > It would be of great help if any suggestions are provided; I don't see > any utility listed for OpenSSL in my programs list as well. > Where should I enter the command line "openssl.." To extract spc and pvk files The installer doesn't put it in your "start" menu, probably because it's a console program and that's not usually done for console programs. Like any (reasonable) Windows executable you can: - in a console/CMD window, set current directory to x:\whereveryouinstalled\bin then give command openssl (or openssl.exe if you want to be explicit). Unlike Unix shells which must be told to put dot in PATH (and in some situations you don't want to, it's bad practice) Windows always includes it automatically (and in those same cases where it's a bad idea, tough noogies). This will make it less convenient to access your data files, which should be somewhere else. - in a console anywhere, use the full pathname x:\wherever\bin\openssl[.exe] . Surround pathname by double-quotes if it includes space, which is common, or other special character such as ampersand, which is somewhat rarer. In particular it's convenient to do this from the directory where your data is. - Start / Run and type the full pathname (quotes allowed but not required); note in this case the current directory will be your 'user' directory, _up a level_ from your My-Documents etc., which is usually inconvenient. - in a console do PATH x:\wherever\bin;%PATH% to add it to your PATH for that CMD instance only, then openssl[.exe] . Note PATH items are separated by semicolon on Windows, versus colon on Unix. - permanently add x:\wherever\bin to your PATH in ControlPanel / System (or rightclick-MyComputer/Properties) in Advanced / EnvironmentVariables, then openssl[.exe] in a console (started AFTER the change) or Start / Run . In ControlPanel since at least 2k you can put any envvar setting, including PATH, for your userid only or for all users; but on most personal computers there is only one real user (hence the name) and this doesn't really matter. As above Start / Run will put you in a probably inconvenient directory. - add it to your Start menu by (explicitly) creating a shortcut under c:\docs&settings\$useryou\start-menu[\programs[\group]] or c:\docs&settings\all-users\start-menu[\programs[\group]] as desired. On Vista it's in c:\Users and buried more deeply under AppData\Roaming. This area can be accessed directly by rightclick-Start/{Open,Explore}[AllUsers]. The installer does create a group for some (GUI) items under all-users (maybe not on Vista?) so you might reasonably want to put it there. By default a new shortcut will set current directory to that containing the program, which as above should be inconvenient; you can alter it by rightclick/Properties or File / Properties in "Start in"; I think you need to doublequote space/special here. You can put commandline arguments in the "Target" line, but then you have to edit the shortcut every time to change them; if you don't put args, openssl-commandline will prompt interactively (also in the other methods above, but there you can do args easily). - create a shortcut anywhere else convenient, such as on the desktop. Otherwise same capabilities/limitations as a start-menu shortcut. I assume you mean a .pfx file which is a PKCS#12. (That suffix has also been used for other things which I don't think openssl supports.) A PKCS#12 doesn't contain files as such; it contains pieces of data you might reasonably put in files. In particular it usually contains a private-key, which would make sense in a .pvk file. It usually also contains at least one certificate, often a whole chain, but not in PKCS#7 format, which is what I believe .spc usually means, and AFAICS openssl has no 'app' function to build a PKCS#7. (Only to operate on an existing one, and limited at that.) You might see if whatever you want this data for can accept one or several "plain" certs (typically .cer or .crt) each in a file, or a concatenation of certs in a file, instead. (In either DER or PEM formats; openssl can convert those.) ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org