Re: TLS cert question

2011-01-13 Thread Victor Duchovni
On Thu, Jan 13, 2011 at 04:49:43PM -0800, Gary Smith wrote: > > ( > umask > openssl pkcs12 -nodes -nocerts -out hsserver01.pem -in original.pfx > ) This contains the key only. > > ( > umask 077 > openssl pkcs12 -nodes -nocerts -out certkey.pem -in original.pfx > ) This contains t

RE: TLS cert question

2011-01-13 Thread Gary Smith
> > openssl s_client -showcerts -state -quiet -status -connect localhost:465 > SSL_connect:before/connect initialization > SSL_connect:SSLv2/v3 write client hello A > SSL_connect:error in SSLv2/v3 read server hello A > 3075593864:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown > protocol

RE: TLS cert question

2011-01-13 Thread Gary Smith
> Oops, while the "umask 077" is indeed required, this does produce a PEM > file with a usable key and certificate, provided the OpenSSL library > behind the pkcs12 command is not substantially newer than the one > Postfix > is linked with. If the command is from OpenSSL 1.0.0, it will generate > a

Re: TLS cert question

2011-01-13 Thread Victor Duchovni
On Thu, Jan 13, 2011 at 07:06:48PM -0500, Victor Duchovni wrote: > > # Export certificate > > openssl pkcs12 -in original.pfx -out hsserver01.cer -nodes > > This takes in PKCS12 and outputs an unencrypted PKCS12. Not a good idea, > your private key is compromised, unless your umask was 077. Oops,

Re: TLS cert question

2011-01-13 Thread Victor Duchovni
On Thu, Jan 13, 2011 at 03:36:41PM -0800, Gary Smith wrote: > # Export certificate > openssl pkcs12 -in original.pfx -out hsserver01.cer -nodes This takes in PKCS12 and outputs an unencrypted PKCS12. Not a good idea, your private key is compromised, unless your umask was 077. > # Export public ke

RE: TLS cert question

2011-01-13 Thread Gary Smith
> openssl can convert between various formats. > http://www.sslshopper.com/article-most-common-openssl-commands.html > http://security.ncsa.illinois.edu/research/grid-howtos/usefulopenssl.html > http://shib.kuleuven.be/docs/ssl_commands.shtml > ... Mouss, Thanks for the follow up. I know that

Re: TLS cert question

2011-01-13 Thread mouss
Le 14/01/2011 00:25, Gary Smith a écrit : > I have an SSL key in pkcs12 format (pfx exported from Windows) that I need to > convert into the proper format for postfix. The pfs includes the entire > chain as well. > > Anyone know the proper way to convert this file into the corresponding > smtp

TLS cert question

2011-01-13 Thread Gary Smith
I have an SSL key in pkcs12 format (pfx exported from Windows) that I need to convert into the proper format for postfix. The pfs includes the entire chain as well. Anyone know the proper way to convert this file into the corresponding smtpd_tls_key_file/smtpd_tls_cert_file formats? My unders