Lidia, Can you show us the exact commands you used to create the keys, cert request and import. I've also had problems extracting the private key from a keystore using keytool. I'm not sure it can be done with keytool alone. Somebody probably has a utility to did it somewhere.
Also, I'm rather new to PKI technology but I think that many certs contain parameters that limit what kind of use the cert can be used for. Maybe someone else can elaborate on this... Rob -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Dr S N Henson Sent: Sunday, November 25, 2001 5:09 PM To: [EMAIL PROTECTED] Subject: Re: problems with openssl and keytool Lidia Castillejo wrote: > > Hi, > please can somebody help me? > I'm working with openssl and keytool of jdk > I create my autority certification with openssl. > I create a public/private pair keys with keytool and make a certification > request to ca. > CA validity my csr file and create a .pem file i try import this file in my > keystore but appear a error. > Finally i create a x509 (.cer file) with opennsl using a .pem file result of > CA's validity. I can import this file in my keystore but the problem is when > i would import this file in the browser(iexplorer) this don't detect a .cer > file as a personal certificate. I think that the problem is that the .cer > not contain a private key. > can somebody help me? > You need to create a PKCS#12 file from the certificate and private key. If the key you are using is a DSA key then it may well not work with MSIE anyway because many (all?) versions only handle RSA keys. Steve. -- Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/ Personal Email: [EMAIL PROTECTED] Senior crypto engineer, Gemplus: http://www.gemplus.com/ Core developer of the OpenSSL project: http://www.openssl.org/ Business Email: [EMAIL PROTECTED] PGP key: via homepage. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
