Just a suggestion which does not consume much time: The .P12 (or .PFX) formats from OpenSSL and Windows are slightly different. To convert between the two, just import the P12 into the MS CertStore "My" and locate and export the certificate with its private key from that list:
%SystemRoot%\system32\rundll32.exe /d "%SystemRoot%\system32\INETCPL.CPL",LaunchSiteCertDialog Might be the MacOS is capable to handle that export. -----Original Message----- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Midori Green Sent: Thursday, November 12, 2009 8:34 AM To: openssl-users@openssl.org Subject: PKCS12 import error into MacOSX keychain access I have been trying unsuccessfully to import a PKCS12 file created by openssl into the "keychain access" application for MacOSX. When I do, I always get the error: CSSMERR_CL_UNKNOWN_FORMAT Please note the following: * 2048 bit rsa private key, PEM encoded and encrypted with 3DES, and viewable with the following command: openssl rsa -inform PEM -in midori.key -text * X509v3 certificate, signed by a private CA, PEM encoded, and viewable with the following command: openssl x509 -inform PEM -in midori.cert -text * PKCS12 file created by the following command: openssl pkcs12 -export -inkey midori.key -in midori.cert -out midori.p12 and viewable (dumps RSA key+cert) with the following command: openssl pkcs12 -in midori.p12 -info Any suggestions on what I need to do to import my *EXISTING* RSA private key and certificate into Apple's MacOSX "keychain access" application? Thanks. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
