"E. Jay Berkenbilt" wrote:
> 
> I am trying to get stunnel to work with a signed user certificate that
> netscape will use.  I've gotten a trial 60-day certificate from
> Verisign which I've exported from netscape to a .p12 file.  I'm trying
> to convert it to a .pem file so that I can use it with stunnel.
> 
> The command "openssl pkcs12 -in qtest.p12 -noout -info" gives
> 
> MAC Iteration 1
> MAC verified OK
> PKCS7 Data
> Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 1
> PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 1
> Certificate bag
> Certificate bag
> Certificate bag
> 
> However, an attempt to convert as follows:
> 
> openssl pkcs12 -in qtest.p12 -out qtest.pem
> 
> results in
> 
> MAC verified OK
> Error outputting keys and certificates
> 26330:error:06065064:digital envelope routines:EVP_DecryptFinal:bad decrypt:evp_enc.c:243:
> 26330:error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error:p12_decr.c:95:
> 26330:error:2306A075:PKCS12 routines:PKCS12_decrypt_d2i:pkcs12 pbe crypt error:p12_decr.c:121:
> 
> This output came from openssl 0.9.5a, but I've tried with 0.9.6 with
> the same results.  I've built openssl with ./configure accepting
> whatever its defaults are.
> 
> Any suggestions?  I'm not subscribed to openssl-users.  I've checked
> the archives and the pkcs12 manual page to no avail.  Thanks for any
> help you can provide.
> 

What version of Netscape are you using? It sounds like Netscape isn't
encrypting the private key properly. The file isn't corrupted or the MAC
wouldn't verify OK.

Also try a different password when you export the file from Netscape.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
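
Added example, not part of the original thread: a small parser for the error-queue lines quoted above that separates the MAC check from the decryption failure, the distinction the reply draws. It assumes the pre-3.0 OpenSSL packed error code layout (8-bit library, 12-bit function, 12-bit reason), which applies to the 0.9.x versions named in the post; the function names `parse_error_queue` and `triage` are hypothetical.

```python
import re

# Output copied from the quoted message, with the mail-wrapped lines rejoined.
SAMPLE = """\
MAC verified OK
Error outputting keys and certificates
26330:error:06065064:digital envelope routines:EVP_DecryptFinal:bad decrypt:evp_enc.c:243:
26330:error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error:p12_decr.c:95:
26330:error:2306A075:PKCS12 routines:PKCS12_decrypt_d2i:pkcs12 pbe crypt error:p12_decr.c:121:
"""

# pid:error:<8 hex digits>:<library>:<function>:<reason>:<file>:<line>:
ERR_LINE = re.compile(
    r"^(?P<pid>\d+):error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):"
    r"(?P<func>[^:]*):(?P<reason>[^:]*):(?P<file>[^:]*):(?P<line>\d+):"
)

def parse_error_queue(text):
    """Return one dict per error-queue line, in the order printed."""
    entries = []
    for raw in text.splitlines():
        m = ERR_LINE.match(raw.strip())
        if not m:
            continue  # status lines such as "MAC verified OK"
        code = int(m["code"], 16)
        entries.append({
            "lib": m["lib"], "func": m["func"], "reason": m["reason"],
            "where": f'{m["file"]}:{m["line"]}',
            # Assumed pre-3.0 layout: lib << 24 | func << 12 | reason
            "lib_id": (code >> 24) & 0xFF,
            "func_id": (code >> 12) & 0xFFF,
            "reason_id": code & 0xFFF,
        })
    return entries

def triage(text):
    """Report the integrity check and the decryption step separately."""
    errors = parse_error_queue(text)
    return {
        "mac_ok": "MAC verified OK" in text,
        "decrypt_failed": any(e["reason"] == "bad decrypt" for e in errors),
        "call_chain": [e["func"] for e in errors],
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```
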
