>PKCS#12 files under OpenSSL are intended to have a key and a matching
> certificate. AFAIK the same is true of Windows and Netscape
> import/export routines.
yes, but what if you stil have to request it to a CA...
> What do you want a private key alone in PKCS#12 format for?
I generate the key, then use it to sign a certificate request (PKCS#10).
The PKCS#10 is sent to a CA.
When the certificate is issued by the CA it is downloaded (via LDAP) and
stored into the original P12 with its key
> If you want to save an encrypted private key separately I suggest you
> try something like PKCS#8.
I need it in PKCS12 for compatibility with onother application.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]