Hello,

I'm not sure if this is the right forum for this question, but I suppose if there are interested people they would most likely be found here.

I'm receiving an error when trying to use "openssl rsa -inform net -sgckey" to read a NET private key originating from an IIS 4.0, and so far I believe that this is not because of user error. After stripping off the IIS 4.0 header, as per the man page, I fed it into the openssl utility, but the utility failed after asking for the password.

The failure was, very peculiarly, in d2i_RSAPrivateKey. Normally when I type in the wrong password or omit the sgckey flag, the command fails in d2i_NETSCAPE_PKEY; in this case, too, when I tried reading the same file with a different password or without the sgckey flag, it failed in d2i_NETSCAPE_PKEY. It was only when I used sgckey and typed in the correct password that it failed in d2i_RSAPrivateKey. To me, this is indicative of the correctness of the password and the flag.

Is it possible that this is some kind of a new variation on the NET format? I was told that in the past, keys exported from the same server were read by openssl without problems. It was only lately, after the key was renewed with a new certificate, that reading the key started to fail. Can this have something to do with the new VeriSign certificate? (It's an X509v3 certificate.)

An IIS 5.0 server, in contrast, agreed to import the file just fine; and when the key, after being imported into IIS 5.0, was re-exported from it in PKCS #12 format (a format which IIS 4.0 is not able to write), "openssl pkcs12 -inform der" managed to read it.

It was not my server, so for obvious reasons I was rather limited in the amount of information I was able to extract from the site. I don't have any more detailed logs or the key itself.

Does anyone know this format? Is this a known problem?

Many thanks in advance,

--
Adi Stav - developer
Topaz Prism R&D
Mercury Interactive
+972-3-5399481
[EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]