Re: pkcs12 output change between release 1.0.2 and 1.1.1

2021-10-28 Thread Patrice Guérin
Hi Matt, Ok, we'll proceed by another way. Thank you for your fast answer Kind regards, Patrice. Matt Caswell wrote: On 28/10/2021 10:06, Patrice Guérin wrote: Hi all, The output of pkcs12 command differs between release 1.0.2 and 1.1.1. The command used is    openssl pkcs12

Re: pkcs12 output change between release 1.0.2 and 1.1.1

2021-10-28 Thread Matt Caswell
On 28/10/2021 10:06, Patrice Guérin wrote: Hi all, The output of pkcs12 command differs between release 1.0.2 and 1.1.1. The command used is   openssl pkcs12 -passin pass: -nokeys -in signedcert.bin In the bag attributes, if the subject (and probably the issuer) contains bytes

Re: PKCS12 APIs with fips 3.0

2021-01-28 Thread Dr Paul Dale
ward that would allow reading and writing to a key store while only using the fips provider? Thanks, Zeke Evans Micro Focus -Original Message- From: openssl-users On Behalf Of Dr Paul Dale Sent: Tuesday, January 26, 2021 5:22 PM To: openssl-users@openssl.org Subject: Re: PKCS12 APIs wi

Re: PKCS12 APIs with fips 3.0

2021-01-28 Thread Jakob Bohm via openssl-users
If that is a hypothetical context, what context is the official design goal of the OpenSSL Foundation for their validation effort? On 2021-01-28 11:26, Tomas Mraz wrote: This is a purely hypothetical context. Besides, as I said below - the PKCS12KDF should not be used with modern PKCS12 files.

Re: PKCS12 APIs with fips 3.0

2021-01-28 Thread Tomas Mraz
This is a purely hypothetical context. Besides, as I said below - the PKCS12KDF should not be used with modern PKCS12 files. Because it can be used only with obsolete encryption algorithms anyway - the best one being 3DES for the encryption and SHA1 for the KDF. Tomas On Thu, 2021-01-28 at 11:08

Re: PKCS12 APIs with fips 3.0

2021-01-28 Thread Jakob Bohm via openssl-users
rd that would allow reading and writing to a key store while only using the fips provider? Thanks, Zeke Evans Micro Focus -Original Message- From: openssl-users On Behalf Of Dr Paul Dale Sent: Tuesday, January 26, 2021 5:22 PM To: openssl-users@openssl.org Subject: Re: PKCS12 APIs with fips

Re: PKCS12 APIs with fips 3.0

2021-01-28 Thread Tomas Mraz
low > > > > > PKCS12KDF in the default provider as well as the crypto > > > > > methods > > > > > in > > > > > the fips provider? I have tried "provider=default,fips=yes" > > > > > but > > > > >

Re: PKCS12 APIs with fips 3.0

2021-01-28 Thread Jakob Bohm via openssl-users
Message----- From: openssl-users On Behalf Of Dr Paul Dale Sent: Tuesday, January 26, 2021 5:22 PM To: openssl-users@openssl.org Subject: Re: PKCS12 APIs with fips 3.0 I'm not even sure that NIST can validate the PKCS#12 KDF. If it can't be validated, it doesn't belong in the FIPS provider. Paul

Re: PKCS12 APIs with fips 3.0

2021-01-28 Thread Matt Caswell
karound for >>> reading in PKCS12 files in order to maintain backwards >>> compatibility.  Is there a recommended method going forward that >>> would allow reading and writing to a key store while only using the >>> fips provider? >>> >>> Thanks, >

Re: PKCS12 APIs with fips 3.0

2021-01-28 Thread Tomas Mraz
round > > > for > > > reading in PKCS12 files in order to maintain backwards > > > compatibility. Is there a recommended method going forward that > > > would allow reading and writing to a key store while only using > > > the > > > fips prov

Re: PKCS12 APIs with fips 3.0

2021-01-28 Thread Jakob Bohm via openssl-users
anks, Zeke Evans Micro Focus -Original Message- From: openssl-users On Behalf Of Dr Paul Dale Sent: Tuesday, January 26, 2021 5:22 PM To: openssl-users@openssl.org Subject: Re: PKCS12 APIs with fips 3.0 I'm not even sure that NIST can validate the PKCS#12 KDF. If it can't be validated

RE: PKCS12 APIs with fips 3.0

2021-01-27 Thread Zeke Evans
That works. Thanks! -Original Message- From: openssl-users On Behalf Of Dr Paul Dale Sent: Tuesday, January 26, 2021 6:01 PM You could set the default property query to "?fips=yes". This will prefer FIPS algorithms over any others but will not prevent other algorithms from being

Re: PKCS12 APIs with fips 3.0

2021-01-26 Thread Dr Paul Dale
ward that would allow reading and writing to a key store while only using the fips provider? Thanks, Zeke Evans Micro Focus -Original Message- From: openssl-users On Behalf Of Dr Paul Dale Sent: Tuesday, January 26, 2021 5:22 PM To: openssl-users@openssl.org Subject: Re: PKCS12 A

RE: PKCS12 APIs with fips 3.0

2021-01-26 Thread Zeke Evans
nuary 26, 2021 5:22 PM To: openssl-users@openssl.org Subject: Re: PKCS12 APIs with fips 3.0 I'm not even sure that NIST can validate the PKCS#12 KDF. If it can't be validated, it doesn't belong in the FIPS provider. Pauli On 26/1/21 10:48 pm, Tomas Mraz wrote: > On Tue, 2021-01-26 at 11:45 +00

Re: PKCS12 APIs with fips 3.0

2021-01-26 Thread Dr Paul Dale
I'm not even sure that NIST can validate the PKCS#12 KDF. If it can't be validated, it doesn't belong in the FIPS provider. Pauli On 26/1/21 10:48 pm, Tomas Mraz wrote: On Tue, 2021-01-26 at 11:45 +, Matt Caswell wrote: On 26/01/2021 11:05, Jakob Bohm via openssl-users wrote: On

Re: PKCS12 APIs with fips 3.0

2021-01-26 Thread Tomas Mraz
On Tue, 2021-01-26 at 11:45 +, Matt Caswell wrote: > > On 26/01/2021 11:05, Jakob Bohm via openssl-users wrote: > > On 2021-01-25 17:53, Zeke Evans wrote: > > > Hi, > > > > > > > > > > > > Many of the PKCS12 APIs (ie: PKCS12_create, PKCS12_parse, > > > PKCS12_verify_mac) do not work in

Re: PKCS12 APIs with fips 3.0

2021-01-26 Thread Matt Caswell
On 26/01/2021 11:05, Jakob Bohm via openssl-users wrote: > On 2021-01-25 17:53, Zeke Evans wrote: >> >> Hi, >> >>   >> >> Many of the PKCS12 APIs (ie: PKCS12_create, PKCS12_parse, >> PKCS12_verify_mac) do not work in OpenSSL 3.0 when using the fips >> provider.  It looks like that is because

Re: PKCS12 APIs with fips 3.0

2021-01-26 Thread Jakob Bohm via openssl-users
On 2021-01-25 17:53, Zeke Evans wrote: Hi, Many of the PKCS12 APIs (ie: PKCS12_create, PKCS12_parse, PKCS12_verify_mac) do not work in OpenSSL 3.0 when using the fips provider.  It looks like that is because they try to load PKCS12KDF which is not implemented in the fips provider.  These

Re: PKCS12 keystore creation failing in fips mode

2013-05-30 Thread Anamitra Dutta Majumdar (anmajumd)
Hello Steve , Thanks for your response. Is there a corresponding API where we can impose this descert option? -Anamitra On 5/29/13 6:15 PM, Dr. Stephen Henson st...@openssl.org wrote: On Wed, May 29, 2013, Anamitra Dutta Majumdar (anmajumd) wrote: We are trying to create pkcs12 keystore

Re: PKCS12 keystore creation failing in fips mode

2013-05-30 Thread Dr. Stephen Henson
On Thu, May 30, 2013, Anamitra Dutta Majumdar (anmajumd) wrote: Hello Steve , Thanks for your response. Is there a corresponding API where we can impose this descert option? If you are using PKCS12_create() just set the certificate PBE algorithm to

Re: PKCS12 keystore creation failing in fips mode

2013-05-29 Thread Dr. Stephen Henson
On Wed, May 29, 2013, Anamitra Dutta Majumdar (anmajumd) wrote: We are trying to create pkcs12 keystore in FIPS mode using OpenSSL 1.0.1 and it fails with the following error 9uo8bYe2YpDmqEgC[root@vos-i/usr/local/platform/bin/openssl pkcs12 -export -in tomcat.pem -inkey

Re: PKCS12 generation is not working

2012-06-09 Thread Tobias Schmid
Hello Steve Thank you for the hint, it works now like a charm. Regards, Tobias Schmid On 08.06.2012 20:52, Dr. Stephen Henson wrote: On Fri, Jun 08, 2012, Tobias Schmid wrote: root@ccn-node1:~ # openssl pkcs12 -export -name CCND -out /var/tmp/.keystore - in certout.pem -inkey

Re: PKCS12 generation is not working

2012-06-08 Thread Dr. Stephen Henson
On Fri, Jun 08, 2012, Tobias Schmid wrote: root@ccn-node1:~ # openssl pkcs12 -export -name CCND -out /var/tmp/.keystore - in certout.pem -inkey private_key.pem -password pass:'th1s1sn0t8g00dp8ssw0rd.' 3077621396:error:060740A0:lib(6):func(116):reason(160):NA:0:

RE: pkcs12 error

2012-04-04 Thread Bin Lu
Yeah, that was the problem. RC2 was disabled in the build. Thanks, -binlu -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson Sent: Tuesday, April 03, 2012 1:59 PM To: openssl-users@openssl.org Subject: Re

Re: pkcs12 error

2012-04-03 Thread Dr. Stephen Henson
On Tue, Apr 03, 2012, Bin Lu wrote: Hi, When I tried the pkcs12 command (as below) in openssl 1.0.1, it gave me the following error. The same command worked fine in openssl 0.9.8d. Any idea? $ openssl pkcs12 -export -in test.cer -inkey test.key -out test.p12 Enter pass phrase for

Re: PKCS12 - Why Encrypted?

2011-04-26 Thread Michel (PAYBOX)
Hi, I am no expert on the matter, but in my humble opinion, I think you can rely on this book because most of its content is about fundamental concepts, not implementation details ( padding, message encoding, ... ) for which you can find updates on RSA Labs PKCS

Re: PKCS12 - Why Encrypted?

2011-04-26 Thread Jeffrey Walton
On Tue, Apr 26, 2011 at 5:49 AM, Michel (PAYBOX) msa...@paybox.com wrote: Hi, I am no expert on the matter, but in my humble opinion, I think you can rely on this book because most of its content is about fundamental concepts, not implementation details ( padding, message encoding, ... ) for

Re: PKCS12 - Why Encrypted?

2011-04-21 Thread Michel (PAYBOX)
I believe this [freely available] book should interest you : Handbook of Applied Cryptography http://www.cacr.math.uwaterloo.ca/hac/ On 21/04/2011 00:03, Patrick Rutkowski wrote: I'm pretty new to this PKI stuff, but I'm very confused about why pkcs12 files are encrypted. As I understand

Re: PKCS12 - Why Encrypted?

2011-04-21 Thread Patrick Rutkowski
Wow, awesome. I just read the foreword and the preface before getting to work. They're very well written, and now I'm excited for the coming chapters for sure :-) I'll probably read it over the coming week or two. But I'm mildly worried about the date the book was written, which was 1996; and

Re: PKCS12 - Why Encrypted?

2011-04-20 Thread Erwin Himawan
PKCS doc., including PKCS12 http://www.rsa.com/rsalabs/node.asp?id=2124 http://www.rsa.com/rsalabs/node.asp?id=2124 On Wed, Apr 20, 2011 at 5:03 PM, Patrick Rutkowski rutsk...@gmail.comwrote: I'm pretty new to this PKI stuff, but I'm very confused about why pkcs12 files are encrypted. As I

RE: PKCS12 import error into MacOSX keychain access

2009-11-13 Thread PMHager
Unlike PEM files, P12/PFX files are not base 64 encoded text files. These directly have ASN.1 encoded content w/o line breaks. On Thu November 12 2009, Michael S. Zick wrote: On Thu November 12 2009, Midori Green wrote: On Thu, Nov 12, 2009 at 7:01 AM, PMHager wrote: Just a suggestion

RE: PKCS12 import error into MacOSX keychain access

2009-11-13 Thread PMHager
Might be this can help you to solve the issue: In the attached gif is the ASN.1 decoded content of the PFX (upper part) and the decrypted content of the pkcs8ShroudedKeyBag's octet string (lower part). A question regarding the Mac import attempt: Does the error occur before or after it asks

Re: PKCS12 import error into MacOSX keychain access

2009-11-13 Thread Midori Green
Might be this can help you to solve the issue: In the attached gif is the ASN.1 decoded content of the PFX (upper part) and the decrypted content of the pkcs8ShroudedKeyBag's octet string (lower part). A question regarding the Mac import attempt: Does the error occur before or after it asks

Re: PKCS12 import error into MacOSX keychain access

2009-11-13 Thread Lou Picciano
: Friday, November 13, 2009 12:31:48 AM GMT -05:00 US/Canada Eastern Subject: Re: PKCS12 import error into MacOSX keychain access Dear Lou and Dr. Henson: Thank you again for e-mailing me with your assistance and suggestions, it is greatly appreciated. I have tried both your suggestions

Re: PKCS12 import error into MacOSX keychain access

2009-11-13 Thread Dr. Stephen Henson
On Fri, Nov 13, 2009, Midori Green wrote: Dear Lou and Dr. Henson: I would appreciate it, if Dr. Henson, you could examine the attached file, and see if it possible to determine if OpenSSL can do the reverse. (Take a existing RSA private key and create a PKCS12 file for it without an

Re: PKCS12 import error into MacOSX keychain access

2009-11-13 Thread Lou Picciano
don't see the 'Use Case') Lou Picciano - Original Message - From: Dr. Stephen Henson st...@openssl.org To: openssl-users@openssl.org Sent: Friday, November 13, 2009 10:06:37 AM GMT -05:00 US/Canada Eastern Subject: Re: PKCS12 import error into MacOSX keychain access On Fri, Nov 13

Re: PKCS12 import error into MacOSX keychain access

2009-11-13 Thread Lou Picciano
... Lou Picciano - Original Message - From: Midori Green midori.emer...@gmail.com To: Lou Picciano loupicci...@comcast.net Sent: Friday, November 13, 2009 5:15:41 PM GMT -05:00 US/Canada Eastern Subject: Re: PKCS12 import error into MacOSX keychain access Doing some testing

Re: PKCS12 import error into MacOSX keychain access

2009-11-13 Thread Midori Green
You need OpenSSL 1.0.0 at least to create PKCS#12 files without certificates, this should work: openssl pkcs12 -export -inkey key.pem -nocerts -out key.p12 Thank you Dr. Henson, I downloaded and installed openssl 1.0.0-beta4 and was able to successful create a private key only PKCS12

Re: PKCS12 import error into MacOSX keychain access

2009-11-13 Thread Patrick Patterson
Hi there; Since you have narrowed the problem down to something in your certificate, and, since certificates are by nature 'public' files, can you perhaps post the certificate from one of the failing PKCS#12 files here, which would allow folks to perhaps help you out more? (It may be that

RE: PKCS12 import error into MacOSX keychain access

2009-11-12 Thread PMHager
Just a suggestion which does not consume much time: The .P12 (or .PFX) formats from OpenSSL and Windows are slightly different. To convert between the two, just import the P12 into the MS CertStore My and locate and export the certificate with its private key from that list:

Re: PKCS12 import error into MacOSX keychain access

2009-11-12 Thread Midori Green
On Thu, Nov 12, 2009 at 7:01 AM, PMHager h...@prima.de wrote: Just a suggestion which does not consume much time: The .P12 (or .PFX) formats from OpenSSL and Windows are slightly different. To convert between the two, just import the P12 into the MS CertStore My and locate and export the

Re: PKCS12 import error into MacOSX keychain access

2009-11-12 Thread Michael S. Zick
On Thu November 12 2009, Midori Green wrote: On Thu, Nov 12, 2009 at 7:01 AM, PMHager h...@prima.de wrote: Just a suggestion which does not consume much time: The .P12 (or .PFX) formats from OpenSSL and Windows are slightly different. To convert between the two, just import the P12 into

Re: PKCS12 import error into MacOSX keychain access

2009-11-12 Thread Dr. Stephen Henson
On Thu, Nov 12, 2009, Midori Green wrote: I have been trying unsuccessfully to import a PKCS12 file created by openssl into the keychain access application for MacOSX. When I do, I always get the error: CSSMERR_CL_UNKNOWN_FORMAT Please note the following: * 2048 bit rsa private key, PEM

Re: PKCS12 import error into MacOSX keychain access

2009-11-12 Thread Lou Picciano
Midori - Have been following this thread with some interest, as we generate PKCS12 certs commonly for use on Macs (work equally well on Windows, without issue). Will be happy to work through it with you, offering any help we can. We also are producing 2048-bit RSA keys to begin with,

Re: PKCS12 import error into MacOSX keychain access

2009-11-12 Thread Midori Green
Dear Lou and Dr. Henson: Thank you again for e-mailing me with your assistance and suggestions, it is greatly appreciated. I have tried both your suggestions, and specifically used the following commands: openssl pkcs12 -export -clcerts -inkey midori.key -in midori.cert \

Re: pkcs12 with frienlyNames seems to be erroneous

2009-09-02 Thread Dr. Stephen Henson
On Tue, Sep 01, 2009, Willy Weisz wrote: Being unable to using a PKCS#12 file created by openSSL with 3 different applications - Java jarsigner, Firefox/Thunderbird and KeyStoreBuilder of the package not-yet-commons-ssl http://juliusdavies.ca/commons-ssl/ - I think that the problem may well

Re: pkcs12 with frienlyNames seems to be erroneous

2009-09-02 Thread Willy Weisz
I'm using openssl version 0.9.8h shipped by openSuSE as 0.9.8h-28.10.1 The shortest friendlyName I tried to use was 7 letters long - can this be too long? I got the same results when using Java's keytool trying to create a keystore or to add the content of a PKCS#12 file to an existing keystore.

Re: pkcs12 with frienlyNames seems to be erroneous

2009-09-02 Thread Dr. Stephen Henson
On Wed, Sep 02, 2009, Willy Weisz wrote: I'm using openssl version 0.9.8h shipped by openSuSE as 0.9.8h-28.10.1 The shortest friendlyName I tried to use was 7 letters long - can this be too long? I got the same results when using Java's keytool trying to create a keystore or to add the

Re: pkcs12 with frienlyNames seems to be erroneous

2009-09-02 Thread Willy Weisz
Using openssl 0.9.8k removes the problems with keytool (I haven't tested jarsigner, but the symptoms were the same) and Mozilla (I checked with Thunderbird and Firefox). From the CHANGES file I didn't expect any cure, but I was wrong. Thanks for the suggestion for a successful solution. Regards

RE: PKCS12 - Can't read Password

2008-07-21 Thread Sascha Kiefer
as far as i know its 32 characters. hth, sascha kiefer -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Renato Araújo Ferreira Sent: Monday, 21 July 2008 19:24 To: openssl-users@openssl.org Subject: PKCS12 - Can't read Password Why PKCS12 password

Re: PKCS12 parse fails with unknown pbe algorithm even after including openSSL_add_all_algorithms

2007-09-07 Thread Dr. Stephen Henson
On Fri, Sep 07, 2007, Mulpur Sudha-MGI2496 wrote: Hi, I am having problems in parsing a PKCS12 file. I was able to parse other PKCS12 files (with single CA certificates). But this particular one has two level CA certificates and I get the error that pbe algorithm is unknown. I am

RE: PKCS12 parse fails with unknown pbe algorithm even after including openSSL_add_all_algorithms

2007-09-07 Thread Mulpur Sudha-MGI2496
rc4-40 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dr. Stephen Henson Sent: Friday, September 07, 2007 12:43 PM To: openssl-users@openssl.org Subject: Re: PKCS12 parse fails with unknown pbe algorithm even after including

Re: PKCS12 parse fails with unknown pbe algorithm even after including openSSL_add_all_algorithms

2007-09-07 Thread Dr. Stephen Henson
On Fri, Sep 07, 2007, Mulpur Sudha-MGI2496 wrote: The same thing is happening with pkcs12 from openssl. What you said is right, I don't think I have RC2. Can you help me on how to include this. You need to recompile the OpenSSL library. The default is to include RC2 but wherever you got

RE: PKCS12 parse fails with unknown pbe algorithm even after including openSSL_add_all_algorithms

2007-09-07 Thread Mulpur Sudha-MGI2496
@openssl.org Subject: Re: PKCS12 parse fails with unknown pbe algorithm even after including openSSL_add_all_algorithms On Fri, Sep 07, 2007, Mulpur Sudha-MGI2496 wrote: The same thing is happening with pkcs12 from openssl. What you said is right, I don't think I have RC2. Can you help me on how

Re: pkcs12 export password incorrect

2006-12-09 Thread Chris Covington
On 12/8/06, Dr. Stephen Henson [EMAIL PROTECTED] wrote: On Fri, Dec 08, 2006, Chris Covington wrote: On 12/8/06, Dr. Stephen Henson [EMAIL PROTECTED] wrote: Windows allows up to 32 character passwords. It seems when openssl exports a 32 character password pkcs12 file, Windows does not

Re: pkcs12 export password incorrect

2006-12-09 Thread Victor Duchovni
On Sat, Dec 09, 2006 at 09:35:18AM -0500, Chris Covington wrote: Would be it possible for you to duplicate Windows' behavior in the case of exactly 32 character passwords (32 being the limit)? So that they can be imported into Windows' stores? That would be very helpful in our case, where

Re: pkcs12 export password incorrect

2006-12-08 Thread Chris Covington
ps - the openssl Export password can be up to 31 characters. Once I hit that 32nd character, Windows doesn't recognize the password. However, if I use the Active Directory CA, I can correctly import the 32 character password? Chris

Re: pkcs12 export password incorrect

2006-12-08 Thread Chris Covington
pps - if I import the openssl pkcs12 bundle with a 31 character password, then export it using the Windows GUI with a 32 character password, that 32 character password works as well. How can I get openssl to sign these 32 character export passworded pkcs12 bundles in a Windows-compatible way?

Re: pkcs12 export password incorrect

2006-12-08 Thread Dr. Stephen Henson
On Fri, Dec 08, 2006, Chris Covington wrote: pps - if I import the openssl pkcs12 bundle with a 31 character password, then export it using the Windows GUI with a 32 character password, that 32 character password works as well. How can I get openssl to sign these 32 character export

Re: pkcs12 export password incorrect

2006-12-08 Thread Chris Covington
On 12/8/06, Dr. Stephen Henson [EMAIL PROTECTED] wrote: On Fri, Dec 08, 2006, Chris Covington wrote: pps - if I import the openssl pkcs12 bundle with a 31 character password, then export it using the Windows GUI with a 32 character password, that 32 character password works as well. How can

Re: pkcs12 export password incorrect

2006-12-08 Thread Dr. Stephen Henson
On Fri, Dec 08, 2006, Chris Covington wrote: On 12/8/06, Dr. Stephen Henson [EMAIL PROTECTED] wrote: On Fri, Dec 08, 2006, Chris Covington wrote: pps - if I import the openssl pkcs12 bundle with a 31 character password, then export it using the Windows GUI with a 32 character password,

Re: pkcs12 export password incorrect

2006-12-08 Thread Chris Covington
On 12/8/06, Dr. Stephen Henson [EMAIL PROTECTED] wrote: Windows allows up to 32 character passwords. It seems when openssl exports a 32 character password pkcs12 file, Windows does not recognize the results, which is unfortunate in my case because I specifically need a 32 character password

Re: pkcs12 export password incorrect

2006-12-08 Thread Dr. Stephen Henson
On Fri, Dec 08, 2006, Chris Covington wrote: On 12/8/06, Dr. Stephen Henson [EMAIL PROTECTED] wrote: Windows allows up to 32 character passwords. It seems when openssl exports a 32 character password pkcs12 file, Windows does not recognize the results, which is unfortunate in my case

Re: PKCS12 question

2006-11-01 Thread Olaf Gellert
Krishna Prasad wrote: Hi A PKCS#12 file will have to contain the private key, you cannot have only the certificate in PKCS#12 format. Yes. Maybe you want a PKCS7-File? This is supported by many applications, too. Using OpenSSL PKCS7 files are generated a bit counterintuitive: You use the

Re: PKCS12 question

2006-11-01 Thread Dr. Stephen Henson
On Tue, Oct 31, 2006, Eshwaramoorthy Babu wrote: Hi, Is it possible to have only the certificate in PKCS12 file. I do not want to include my private key . I just want my certificate in PKCS12 format. If so Can anyone tell me the command to convert the certificate into PKCS12 It is

Re: PKCS12 question

2006-10-31 Thread Krishna Prasad
Hi A PKCS#12 file will have to contain the private key, you cannot have only the certificate in PKCS#12 format. regards krish On 10/31/06, Eshwaramoorthy Babu [EMAIL PROTECTED] wrote: Hi, Is it possible to have only the certificate in PKCS12 file. I do not want to include my private key . I

Re: PKCS12 creation

2006-02-20 Thread Dr. Stephen Henson
On Mon, Feb 20, 2006, Norbert Lakatos wrote: Hi all! I need to create a PKCS#12 file, and what ever I try I can't seem to be able to sign it. I want to create a x509 file and sign it with CA key, and pack it as PKCS12 file. What I have tried to do is the following: EVP_PKEY* pPK =

Re: PKCS12 client

2005-06-14 Thread david kine
Thank you Heikki Toivonen and Goetz Babin-Ebell, your suggestions were very helpful. -David david kine wrote: How does one load verify locations into a SSL_CTX from in-memory X509 certificates? You can get the X509_STORE from the SSL_CTX. There you do an X509_STORE_add_cert()

Re: PKCS12 client

2005-06-10 Thread Goetz Babin-Ebell
david kine wrote: I am writing an SSL client which utilizes a PKCS12 keystore. I am able to create the keystore using OpenSSL utilities, read the .p12 file using d2i_PKCS12_fp(), and parse it using PKCS12_parse(). The X509 and STACK_OF( X509 ) return parameters are all correct. The next thing

Re: PKCS12 client

2005-06-10 Thread Heikki Toivonen
david kine wrote: How does one load verify locations into a SSL_CTX from in-memory X509 certificates? I believe you are after X509_STORE_add_cert(). You can use SSL_CTX_get_cert_store() to get the store from an SSL_CTX. -- Heikki Toivonen

Re: PKCS12 help needed

2005-03-02 Thread Dr. Stephen Henson
On Wed, Mar 02, 2005, Carlos Roberto Zainos H wrote: Hi there!!! I'm trying to use the openssl pkcs12 option from command line but I don't understand very well the options. I have a pair (private key and certificate file) both in PEM format. I want to get a PKCS#12 file which content

RE: PKCS12 Question

2004-12-12 Thread Lasko, Debra
Hills, MI 48326 * phone: +01-248-844-7294 * mailto:[EMAIL PROTECTED] www.eds.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Dr. Stephen Henson Sent: Thursday, December 02, 2004 7:18 PM To: [EMAIL PROTECTED] Subject: Re: PKCS12 Question On Thu, Dec

Re: PKCS12 Question

2004-12-02 Thread Dr. Stephen Henson
On Thu, Dec 02, 2004, Lasko, Debra wrote: Hello! I have a question about the PKCS12 command. Originally, I used OpenSSL to create a CSR and Private Key for a QuickSSL certificate from GeoTrust. Now I am attempting to create a .p12 or .pfx file from the private and public keys with no

Re: PKCS12 password =32 chars interop issue with Microsoft cert stor es?

2004-11-10 Thread Dr. Stephen Henson
On Tue, Nov 09, 2004, Steven Samorodin wrote: Hi, This may not be exactly the same issue, but today I saw a problem with openssl 0.9.7d, PKCS12, and long passwords. Specifically I tried using a 128 character import password on a PKCS12 file and found that I couldn't parse the PKCS12 file

RE: PKCS12 password =32 chars interop issue with Microsoft cert stor es?

2004-11-09 Thread Steven Samorodin
] [mailto:[EMAIL PROTECTED] On Behalf Of Deane Sloan Sent: Monday, November 08, 2004 12:54 PM To: '[EMAIL PROTECTED]' Subject: RE: PKCS12 password =32 chars interop issue with Microsoft cert stor es? Hi Stephen, A quick run under Netscape 4.74 (all I had around I'm sorry) shows a similar

RE: PKCS12 password =32 chars interop issue with Microsoft cert stores?

2004-11-08 Thread Deane Sloan
Hi, To put some context on the below - the PKCS12 password interop issue cannot be resolved by limiting the password input to 32 characters (not counting the terminating NULL) external to the OpenSSL API - as the password string's null is counted as an additional (Unicode) character for the

Re: PKCS12 password =32 chars interop issue with Microsoft cert stor es?

2004-11-08 Thread Dr. Stephen Henson
On Mon, Nov 08, 2004, Deane Sloan wrote: Hi, We are using the OpenSSL PKCS#12 features for creating files for import to/from the Microsoft user stores - using PKCS12_parse and PKCS12_create ( nid_key=NID_pbe_WithSHA1And3_Key_TripleDES_CBC, nid_cert=NID_pbe_WithSHA1And40BitRC2_CBC,

RE: PKCS12 password =32 chars interop issue with Microsoft cert stor es?

2004-11-08 Thread Deane Sloan
from breaking from a supported OpenSSL distro etc) to achieve the desired compatibility? Best regards, Deane Sloan -Original Message- From: Dr. Stephen Henson To: [EMAIL PROTECTED] Sent: 9/11/2004 8:49 AM Subject: Re: PKCS12 password =32 chars interop issue with Microsoft cert stor es

Re: pkcs12 signing

2004-11-07 Thread Dr. Stephen Henson
On Mon, Nov 01, 2004, Ronan wrote: I have a signed root cert that i want to change into a pkcs12 format file to be used on a windows box. from the man pages on the openssl website it says that i need to specify the certificate and the private key when converting to pkcs12. now im a little

Re: pkcs12 signing

2004-11-01 Thread Sravan
it is the private-key corresponding to the root cert. the one which is generated while creating a request using the req command. bye Sravan Ronan wrote: I have a signed root cert that i want to change into a pkcs12 format file to be used on a windows box. from the man pages on the openssl

Re: PKCS12 without private key.

2004-05-12 Thread Dr. Stephen Henson
On Wed, May 12, 2004, S.Mehdi Sheikhalishahi wrote: Hi All Can I construct a pkcs12 file without private key? Yes using OpenSSL 0.9.8 and the -nokeys option with -export. This only work on 0.9.8-dev though it is ignored on previous versions and will ultimately give an error because it can't

Re: PKCS12 and Private Key

2002-11-14 Thread Michael Krustev
No. It's not possible!!! Sorry, PKCS12 structure holds public/private key pair... --- Oliver Wulff [EMAIL PROTECTED] wrote: Hi Is it possible to store only the private key in a p12 file and hold the certificate and ca certificates in another p12 file? If yes, how can I do that? Oliver

Re: PKCS12 and Private Key

2002-11-14 Thread Chris Jarshant
: Thursday, November 14, 2002 10:38 AM Subject: Re: PKCS12 and Private Key No. It's not possible!!! Sorry, PKCS12 structure holds public/private key pair... --- Oliver Wulff [EMAIL PROTECTED] wrote: Hi Is it possible to store only the private key in a p12 file and hold the certificate and ca

Re: pkcs12 and JSSE

2002-08-13 Thread Takaaki Ishii
Hi, Tarassov Vadim wrote: does someone know how should I use openssl pkcs12 program in order to get such keytore store that will be compatible with JSSE? Once I could do that with keytool in Sun's J2EE SDK package. (J2SE's keytool could not handle pkcs12 format, I presume) like: keytool

Re: PKCS12 and private keys

2002-07-25 Thread Chris Jarshant
Erwann ABALEA wrote: Probably a limitation of the actual browsers. But you might want to check Mozilla 1.0, which seems to be able to save a bunch of private key/certificate pairs at once. I haven't tested this functionality, but it might be possible that there's only one output file, and

Re: PKCS12 and private keys

2002-07-25 Thread Chris Jarshant
Chris Jarshant wrote: Erwann ABALEA wrote: Probably a limitation of the actual browsers. But you might want to check Mozilla 1.0, which seems to be able to save a bunch of private key/certificate pairs at once. I haven't tested this functionality, but it might be possible that

Re: PKCS12 and private keys

2002-07-25 Thread Erwann ABALEA
On Thu, 25 Jul 2002, Chris Jarshant wrote: [...] Also, my app will support multiple keys/certs in a variety of places. For example, the public key cert for user X is in one PKCS12-format file, and the corresponding private key is in a separate PKCS12-format file. Are there any official

Re: PKCS12 and private keys

2002-07-25 Thread Aleix Conchillo
On Thu, 25 Jul 2002 17:33:49 +0200 (CEST), Erwann ABALEA wrote: How is that localKeyID calculated? Is it a hash of the public key? If yes, then this sounds an acceptable practice, if you really *need* to keep separate PKCS#12 files, which is uncommon. it's a digest of the x509

Re: PKCS12 and private keys

2002-07-25 Thread Chris Jarshant
Erwann ABALEA wrote: friendlyName, then look for their public key cert using that friendlyName, then look for a corresponding private key using the friendlyName. If I can't find a private key with that friendlyName, I use the localKeyID from the public key cert to match. If there is

Re: pkcs12 problem?

2002-04-30 Thread Dr. Stephen Henson
On Tue, Apr 30, 2002, Stephen Degler wrote: Hi, I've created a root cert with CA.pl and I'm trying to create a pkcs12 file with just the public portion, for inclusion in browsers. I try the following: Read the FAQ. -- Dr. Stephen Henson [EMAIL PROTECTED] OpenSSL Project

Re: PKCS12 import faulire

2002-01-28 Thread Aleix Conchillo
Hi Alvaro, I had a similar problem with netscape. When i generated the certificates, i initialized the certificates serial number file (ca.srl) to 00 and netscape correctly exported the user certificate, but not the ca. i repeated all steps again without reseting ca.srl to 00 and then

RE: PKCS12 import faulire

2002-01-28 Thread Alvaro Egea
, and when, a root-CA cannot be imported it this browser?? Thanx again, and best regards. Alvaro. -Original Message- From: Aleix Conchillo [mailto:[EMAIL PROTECTED]] Sent: Monday, 28 January 2002 15:24 To: [EMAIL PROTECTED] Subject: Re: PKCS12 import faulire Hi Alvaro, I

Re: pkcs12 seems to export keys even if -nokeys is used

2001-11-21 Thread Dr S N Henson
Erich Titl wrote: Hi Folks This refers to openssl 0.9.6b I try to export a cacert to a pkcs12 file using openssl pkcs12 -export -inkey RufCA/private/cakey.pem -out cacerts.p12 -cacerts -nokeys -name Ruf CA Certificate RufCA/cacert.pem Maybe I haven't fully understood this but the

Re: pkcs12 seems to export keys even if -nokeys is used

2001-11-21 Thread Erich Titl
Hi Steve At 12:48 21.11.2001 +, you wrote: You can't use a PKCS#12 file to import a CA certificate only into a browser. Read the FAQ for more info. Sorry if this was pure RTFM Erich

Re: pkcs12 error message

2001-10-18 Thread Ravi Prakash B.V.
You have to provide private key file also along with certificate. It can be within your certificate file w.crt or u can provide the private key file separately using -inkey option. Try using -inkey option Ravi On Wed, 17 Oct 2001, Juan Carlos Albores Aguilar wrote: i'm trying to create a

Re: PKCS12 and Netscape

2001-07-10 Thread Dr S N Henson
Justin Wienckowski wrote: However, the structure of Netscape's message is boggling me. The AuthenticatedSafe sequence doesn't seem to conform to the PKCS#12 spec, with a bazillion one-byte octet strings with some longer ones included. Obviously the key and certificate info is in here,

Re: pkcs12 and CA cert ?

2001-04-11 Thread Peter Sylvester
As things are I'm not sure if there is a way to import just a CA certificate with a friendly name, I've not seen this documented. After the install, you can for example look up the certificate in the base, and then modify its properties. One of the properties is a friendly name.

RE: pkcs12 and CA cert ?

2001-04-10 Thread Rakesh.R
Dear Suen Tak Tsung Daniel, The PKCS12 format contains the private key. This format is mainly used to export private key with the certificate. The method you used to create the PKCS12 is correct. Double click the certificate and import it into the certificate

RE: pkcs12 and CA cert ?

2001-04-10 Thread Daniel Suen
But then, I still don't see how things fit together. The thing is that, (1) is it normal to have the CA cert in my IE with a "key sign" on it? (2) If (1) is abnormal, how can I get rid of it? I've done the import, and tried export to other formats which strips the private key off and re-imported

RE: pkcs12 and CA cert ?

2001-04-10 Thread Rakesh.R
-Original Message- From: Daniel Suen [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 11, 2001 11:35 AM To: [EMAIL PROTECTED] Subject: RE: pkcs12 and CA cert ? But then, I still don't see how things fit together. The thing is that, (1) is it normal
