> > openssl pkcs12 -in qtest.p12 -out qtest.pem
> >
> > results in
> >
> > MAC verified OK
> > Error outputting keys and certificates
> > 26330:error:06065064:digital envelope routines:EVP_DecryptFinal:bad
>decrypt:evp_enc.c:243:
> > 26330:error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal
>error:p12_decr.c:95:
> > 26330:error:2306A075:PKCS12 routines:PKCS12_decrypt_d2i:pkcs12 pbe crypt
>error:p12_decr.c:121:
> >
>
> What version of Netscape are you using? It sounds like Netscape isn't
> encrypting the private key properly. The file isn't corrupted or the mac
> wouldn't verify OK.
4.75 and 4.76.
> Also try a different password when you export the file from Netscape.
How odd. This worked. Why would that work? I used a different
export password from the PEM pass phrase. I'm curious -- what made
you think to suggest this? I know nothing about pkcs12 and am just
learning about SSL, but I always like to know what's going on and
usually take the trouble to find out.... Thanks for your help.
Now I can run c_hash on this and copy the result into my stunnel
certificates directory. Netscape provides this, but stunnel doesn't
like it. I'll have to investigate further before I post a followup
question, but this definitely gets me one step further than I've
gotten before. Thanks.
--
E. Jay Berkenbilt <[EMAIL PROTECTED]>
http://www.ql.org/q/
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
