On Tue, 30 Apr 2002, Richard Levitte - VMS Whacker wrote: > In message <[EMAIL PROTECTED]> on Mon, 29 Apr 2002 >12:22:32 -0700 (PDT), Tim Jones <[EMAIL PROTECTED]> said: > > t0psecret> I'm trying to create password-protected client certs > t0psecret> with OpenSSL and ssl.ca-0.1.tar.gz. Is this what > t0psecret> "export password" refers to (when creating the key), > t0psecret> or is there another way? I'm not sure whether the > t0psecret> export password is a permanent password for the cert > t0psecret> or just a one-time password used to import the .p12 > t0psecret> file. > t0psecret> > t0psecret> If it's the former, it seems as though Window strips > t0psecret> this password when I import the cert, because I'm only > t0psecret> asked for it the one time when importing. Is there any > t0psecret> way around this? > > You're mixing up certificate and private key. The password will > protect the private key. The certificate is (or should be) filled > with public information only, and therefore doesn't require any > password protection.
PKCS12 also specify mac-based integrity check that use another one password and may be usefull for certificate. Yes, one could ignore integrity check while parsing pkcs12 data. just a note, Vadim ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]