Unlike PEM files, P12/PFX files are not base 64 encoded text files. These directly have ASN.1 encoded content w/o line breaks.
On Thu November 12 2009, Michael S. Zick wrote: > On Thu November 12 2009, Midori Green wrote: > > On Thu, Nov 12, 2009 at 7:01 AM, PMHager wrote: > > > Just a suggestion which does not consume much time: > > > The .P12 (or .PFX) formats from OpenSSL and Windows > > > are slightly different. To convert between the two, > > > just import the P12 into the MS CertStore "My" and > > > locate and export the certificate with its private > > > key from that list: > > > %SystemRoot%\system32\rundll32.exe /d > > > "%SystemRoot%\system32\INETCPL.CPL",LaunchSiteCertDialog > > > Might be the MacOS is capable to handle that export. > > > Dear PMHager: > > > > Thank you for your suggestion. Unfortunately, it did not work. > > See the details below... > > > > I tried out your suggestion on a WinXP VM running on my mac. > > I was successfully able to import my "midori.p12" PKCS12 file > > into the Windows Certificate utility, with both the RSA private > > key and X509v3 certificate, into the "Personal" section. Since > > I already had my root certificate preloaded into Windows, when > > I selected [View] for my imported certificate, its certificate status > > verified as OK. > > > > Then as you suggested, I successfully exported both the certificate > > and RSA private key from that Windows certificate utility, into a > > PFX file named "midori.pfx". > > > > When I copied that "midori.pfx" file back to my mac, and attempted > > to load it into Apple's "keychain access" utility, I still get the same > > error message: CSSMERR_CL_UNKNOWN_FORMAT! > > > > I am at a loss as to why I am unable to import my *EXISTING* RSA > > private key into Apple's certificate utility, when I can import it > > safely into Windows certificate utility, OpenSSL, Firefox, etc. This > > certificate was issued to me for VPN access, so I have to use it > > without any substitutions. > > > > View the file with a hexeditor, check the line-endings. > It may not have MAC eol and your MAC may be expecting that it does. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
