Hi Christian, Thanks for you time.
Yes you are correct, all I want to do is have a PKCS12 structure and push it into a DER format for use with some EAI server applications. It only takes DER files and hence we need some conversion to get it in. What is the best way whilst retaining as much info as in the original PKCS12 file. Regards, Andy. -----Original Message----- From: Christian Hohnstaedt [mailto:[EMAIL PROTECTED] Sent: 08 July 2003 16:07 To: [EMAIL PROTECTED] Subject: Re: PKC12 to PEM to DER Hi Andrew, the pkcs12 utility writes the Certificate(s) and the key separated into one file the (3) only reads the first x509 structure and writes it in DER format (-outform DER) but doesn' t look at the rest of the file. You can use "cut&paste" to edit the pkcs12 output into several files. the final question for me actually is: What do you want to do ? have a PKCS12 structure in DER format ? pull the key ot of a PKCS12 ? Regards Christian On Tue, Jul 08, 2003 at 12:45:01PM +0200, Whitaker, Andrew wrote: > Hi Christian, > > I think I'm almost there. Thanks for the detail on certificate verification and by > the way my IE error was just me trying to convert a pem file using the rsa instead > of x509. anyway could you possibly assist with hopefully one final thing :-) > > My situation: > > 1)I have a client certificate in IE6 which I've exported into PKCS12 (with private > key). > 2)I used the openssl pkcs12 util to push this into PEM format. > 3)Then used the x509 util to convert from PEM to DER. > 4)The DER file looks fine and can be used ok. However it doesn't appear to have the > private key inside. > a) I've done a -nout -text and couldn't see any mention > b) Nor when I import it into IE6 it doesn't come up with the (You have a > private key that corresponds to this certificate). > c) I know I'm stupid :-) > > Question: > 1)How do I tell whether the private key has been pushed into the PEM/DER formats? > 2)Should I be able to see any reference to the private keys in a x509 -nout -text > command? > > Regards, > > Andy. > > > -----Original Message----- > From: Christian Hohnstaedt [mailto:[EMAIL PROTECTED] > Sent: 07 July 2003 13:52 > To: [EMAIL PROTECTED] > Cc: Whitaker, Andrew > Subject: Re: PKC12 to PEM to DER > > > Hello Andrew, > > On Mon, Jul 07, 2003 at 02:17:38PM +0200, Whitaker, Andrew wrote: > > > I have recently installed openssl package with the installation of cygwin. I > > > have used the openssl util to: > > > > > > 1) Pkc12 to PEM - this is successful. I have tested with the command (cat > > > ca-certificate-file | grep -E 'BEGIN.* CERTIFICATE' | wc -l) and verified it has > > > a valid certif inside. > > > 2) PEM to DER - this appeared to be successful showing no errors. When running > > > the above commnad on the output DER file it comes back with 0. ie nothing. > > > Also at a file level the Iexplorer app also indicates the certificate is invalid. > > the command above only finds the PEM header "----- BEGIN CERTIFICATE-----" > since DER does not have it, the command must fail. > > elaborate: "the Iexplorer app also indicates the certificate is invalid." > > > > > > > > Question - Are there any obvious issues surrounding conversion from PEM-DER > > > and/or have I missed something obvious. Apologies if it RTFM. > > PEM is the base64-encoding of the DER encoded file with additional Headers and > footers > > Regards > Christian > > > > > > > Regards, > > > > > > Andrew. > > > > > > Andrew Whitaker > > > > > > Technology Consultant > > > SAP (UK & Ireland) Limited > > > Clockhouse Place, > > > Bedfont Road, Feltham > > > Middlesex, TW14 8HD > > > > > > T +44 (0) 20 8917 6887 > > > F +44 (0) 20 8917 6433 > > > M +44 (0) 7808 575 887 > > > E [EMAIL PROTECTED] > > > > > > www.sap.com/uk/ <www.sap.com/uk/> > > > > > > > > > > > > > > > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
