Venkatesha, Ashalatha wrote:
>
> Hi ,
>
> Can anyone help me in this urgently.
>
> I have developed a server using the stunnel and openssl.
> My problem is,to run my server,i need to give the certificate which is
> generated from Netscape Certificate Server. Netscpae Certificate Server has
> given the certificate in PKCS12 format.
> But my server uses PEM format. So i converted using as
>
> openssl pkcs12 -in file.p12 -out newfile.pem -nodes
>
> When i am using this newfile.pem for my server, it gives the so many error
> as
> key values mismatch.
>
That command places all certificates and private keys in the output file
in the order they appear in the input file.
The server typically takes the first certificate and private key it
finds and assumes they are the ones you want.
As a result the first certificate and first key may not be the ones you
want and they may not match.
Instead you need to just output the certificate corresponding to the
private key with:
openssl pkcs12 -in file.p12 -out newfile.pem -clcerts -nodes
If you want the CA certs(s) then do:
openssl pkcs12 -in file.p12 -out cacerts.pem -cacerts -nokeys
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
