On Thu, Aug 07, 2003, =?iso-8859-1?Q? Felix=20Kl=F6cking ?= wrote: > [EMAIL PROTECTED] schrieb am 07.08.03 12:41:44: > > > > On Thu, Aug 07, 2003, =?iso-8859-1?Q? Felix=20Kl=F6cking ?= wrote: > > > > > Hello, > > > > > > I am using OpenSSL 0.9.6b 9 Jul 2001, and would like to convert a .p12 > > > certificate file into a .pem file that can be used to encrypt/decrypt data with > > > OpenSSL. > > > > > > I entered (on the command line): > > > openssl pkcs12 -in infile.p12 -out outfile.pem > > > > > > I was then prompted to enter the Import Password. > > > > > > I input the Transport PIN which I got from the Certificate Authority. > > > > > > Here's what I got: > > > > > > Mac verify error: invalid password? > > > > > > I tried several times to enter the password, and I also copy-pasted it. Nothing > > > worked. > > > What's confusing me is that I CAN import the certificate into the Internet > > > Explorer store, using exactly the same Password. So the Password SHOULD work > > > with openssl either, shouldn't it? > > > > > > I would appreciate if anyone could help me with this issue. > > > > > > > Are you using any non-ASCII characters in the password for the PKCS#12 file? > > If so then that could be the problem. The PKCS#12 code currently only > > correctly handles ASCII. At some point it may handle UTF8 properly. > > > > Thanks for answering, > > The Password consists of 16 alphanumerical characters, all are ASCII compliant. > This doesn't seem to be the cause of the problem. >
Strange. Where does that PKCS#12 file come from? Have you tried reexporting with a different password? Its possible that it has no MAC so the -nomacver option may help: if you just get other weird errors then that's not it. If you still have problems and you can generate a test (not with an important private key in it!) PKCS#12 file which MSIE will import but the OpenSSL pkcs12 utility wont parse then please send me a copy and I'll analyse it. Steve. -- Dr Stephen N. Henson. Core developer of the OpenSSL project: http://www.openssl.org/ Freelance consultant see: http://www.drh-consultancy.demon.co.uk/ Email: [EMAIL PROTECTED], PGP key: via homepage. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
