On Thu, Nov 12, 2009, Midori Green wrote: > I have been trying unsuccessfully to import a PKCS12 file created by openssl > into the "keychain access" application for MacOSX. When I do, I always get > the error: CSSMERR_CL_UNKNOWN_FORMAT > > Please note the following: > > * 2048 bit rsa private key, PEM encoded and encrypted with 3DES, and > viewable with the following command: > > openssl rsa -inform PEM -in midori.key -text > > * X509v3 certificate, signed by a private CA, PEM encoded, and viewable with > the following command: > > openssl x509 -inform PEM -in midori.cert -text > > * PKCS12 file created by the following command: > > openssl pkcs12 -export -inkey midori.key -in midori.cert > -out midori.p12 > > and viewable (dumps RSA key+cert) with the following command: > > openssl pkcs12 -in midori.p12 -info > > Any suggestions on what I need to do to import my *EXISTING* RSA private > key and certificate into Apple's MacOSX "keychain access" application?
Try the -nomaciter option when creating the PKCS#12 file. The -descert optiojn might help too. If you are using a blank password try a non-empty one. Do you have a SAMPLE PKCS#12 file that the MAC will accept? If so and it doesn't contain any important keys please post it or send it to me with the password. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
