RE: Need help on: openssl pkcs12 --- avoid or in batch mode
Hi guys, I am still searching for the answer of batch mode on openssl pkcs12 but no luck. Is anyone can help me a work around way to avoid Enter Export Password: Verifying - Enter Export Password: Above to prompts. Thanks John From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of John Chen Sent: Monday, March 22, 2010 10:01 AM To: openssl-users@openssl.org Subject: Need help on: openssl pkcs12 --- avoid or in batch mode Hi Dr Stephen Henson, I really could not solve this issue and need your help. When I run openssl pkcs12 -in new.crt -inkey new.key -certfile .CA/cacert.pem -out new.p12 -export -name xx It will prompt user for: Enter Export Password: Verifying - Enter Export Password: Is anyway I can manipulate or default or void those two prompts since those prompts useless in here. I checked pkcs12 command options seems there is no batch mode. I also tried using wrapping script but no help either. Thanks in advance. John -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson Sent: Saturday, March 20, 2010 2:21 PM To: openssl-users@openssl.org Subject: Re: Apache client certificate authentication On Sat, Mar 20, 2010, Graham Leggett wrote: On 2010/03/20 6:55 PM, Nuno Gonçalves wrote: Questions: Is normal that firefox hangs when it doesn't have a valid certificate to provide? Openssl output looks OK?(or the error in the end is a exception?) I am not 100% sure of the details, but I do recall a hang being a symptom of using a client or a server that did not have the TLS renegotiation bug fixed along with a server or client that did. The only known case is an OpenSSL client without secure renegotiation support (i.e. earlier than 0.9.8m) attempting to renegotiate with a server which does support renegotiation. If the server initiates renegotiation you don't get a a hang. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Need help on: openssl pkcs12 --- avoid or in batch mode
Hi guys, I am still searching for the answer of batch mode on openssl pkcs12 but no luck. Is anyone can help me a work around way to avoid Enter Export Password: Verifying - Enter Export Password: Above two prompts. Thanks John
Re: Need help on: openssl pkcs12 --- avoid or in batch mode
On Wed, Mar 24, 2010, John Chen wrote: Hi guys, I am still searching for the answer of batch mode on openssl pkcs12 but no luck. Is anyone can help me a work around way to avoid Enter Export Password: Verifying - Enter Export Password: Above two prompts. This has been answered several times on the mailing lists and in the manual pages. See for example the -passout command line option: http://www.openssl.org/docs/apps/pkcs12.html# http://www.openssl.org/docs/apps/openssl.html#PASS_PHRASE_ARGUMENTS Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Need help on: openssl pkcs12 --- avoid or in batch mode
Hi John, I have already answered your question twice on the list but it seems that you didn't receive them for an unknown reason. Look at the link below of OpenSSL list archive to reader what I wrote : http://marc.info/?t=12690119749r=1w=2 Have a nice day, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 3/24/2010 3:14 PM, John Chen wrote: Hi guys, I am still searching for the answer of batch mode on openssl pkcs12 but no luck. Is anyone can help me a work around way to avoid Enter Export Password: Verifying - Enter Export Password: Above to prompts. Thanks John From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of John Chen Sent: Monday, March 22, 2010 10:01 AM To: openssl-users@openssl.org Subject: Need help on: openssl pkcs12 --- avoid or in batch mode Hi Dr Stephen Henson, I really could not solve this issue and need your help. When I run openssl pkcs12 -in new.crt -inkey new.key -certfile .CA/cacert.pem -out new.p12 -export -name xx It will prompt user for: Enter Export Password: Verifying - Enter Export Password: Is anyway I can manipulate or default or void those two prompts since those prompts useless in here. I checked pkcs12 command options seems there is no batch mode. I also tried using wrapping script but no help either. Thanks in advance. John -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson Sent: Saturday, March 20, 2010 2:21 PM To: openssl-users@openssl.org Subject: Re: Apache client certificate authentication On Sat, Mar 20, 2010, Graham Leggett wrote: On 2010/03/20 6:55 PM, Nuno Gonçalves wrote: Questions: Is normal that firefox hangs when it doesn't have a valid certificate to provide? Openssl output looks OK?(or the error in the end is a exception?) I am not 100% sure of the details, but I do recall a hang being a symptom of using a client or a server that did not have the TLS renegotiation bug fixed along with a server or client that did. The only known case is an OpenSSL client without secure renegotiation support (i.e. earlier than 0.9.8m) attempting to renegotiate with a server which does support renegotiation. If the server initiates renegotiation you don't get a a hang. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Need help on: openssl pkcs12 --- avoid or in batch mode
Hi Dr Stephen Henson, I really could not solve this issue and need your help. When I run openssl pkcs12 -in new.crt -inkey new.key -certfile .CA/cacert.pem -out new.p12 -export -name xx It will prompt user for: Enter Export Password: Verifying - Enter Export Password: Is anyway I can manipulate or default or void those two prompts since those prompts useless in here. I checked pkcs12 command options seems there is no batch mode. I also tried using wrapping script but no help either. Thanks in advance. John -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson Sent: Saturday, March 20, 2010 2:21 PM To: openssl-users@openssl.org Subject: Re: Apache client certificate authentication On Sat, Mar 20, 2010, Graham Leggett wrote: On 2010/03/20 6:55 PM, Nuno Gonçalves wrote: Questions: Is normal that firefox hangs when it doesn't have a valid certificate to provide? Openssl output looks OK?(or the error in the end is a exception?) I am not 100% sure of the details, but I do recall a hang being a symptom of using a client or a server that did not have the TLS renegotiation bug fixed along with a server or client that did. The only known case is an OpenSSL client without secure renegotiation support (i.e. earlier than 0.9.8m) attempting to renegotiate with a server which does support renegotiation. If the server initiates renegotiation you don't get a a hang. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Need help on: openssl pkcs12 --- avoid or in batch mode
Hi John, I have already answered your question on the list two days ago. Here is what I wrote : To avoid the password prompt, you can add the argument -password pass: to the command line. This will use an empty password for the PKCS12 file. For a non empty value, for example 1234, use -password pass:1234 instead. I hope this will help. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 3/22/2010 3:00 PM, John Chen wrote: Hi Dr Stephen Henson, I really could not solve this issue and need your help. When I run openssl pkcs12 -in new.crt -inkey new.key -certfile .CA/cacert.pem -out new.p12 -export -name xx It will prompt user for: Enter Export Password: Verifying - Enter Export Password: Is anyway I can manipulate or default or void those two prompts since those prompts useless in here. I checked pkcs12 command options seems there is no batch mode. I also tried using wrapping script but no help either. Thanks in advance. John -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson Sent: Saturday, March 20, 2010 2:21 PM To: openssl-users@openssl.org Subject: Re: Apache client certificate authentication On Sat, Mar 20, 2010, Graham Leggett wrote: On 2010/03/20 6:55 PM, Nuno Gonçalves wrote: Questions: Is normal that firefox hangs when it doesn't have a valid certificate to provide? Openssl output looks OK?(or the error in the end is a exception?) I am not 100% sure of the details, but I do recall a hang being a symptom of using a client or a server that did not have the TLS renegotiation bug fixed along with a server or client that did. The only known case is an OpenSSL client without secure renegotiation support (i.e. earlier than 0.9.8m) attempting to renegotiate with a server which does support renegotiation. If the server initiates renegotiation you don't get a a hang. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
