Many thanks for all your help, everything is working as expected.
----- Original Message -----
From: owner-openssl-us...@openssl.org <owner-openssl-us...@openssl.org>
To: openssl-users@openssl.org <openssl-users@openssl.org>
Sent: Fri Sep 02 20:55:15 2011
Subject: RE: Becoming a CA for group of internal servers?

> From: owner-openssl-us...@openssl.org On Behalf Of Hopkins, Nathan
> Sent: Friday, 02 September, 2011 04:00

> Many thanks! - I now see the S-A-N in the signed cert :)
>
> Next challenge is I'd like to create a pkcs12 file as below ...
> openssl pkcs12 -export -in server.crt -inkey server.key -name tomcat
> -passout pass:changeit -out serverkeystore.pfx
>
> However when I view with ...
> openssl pkcs12 -in serverkeystore.pfx -info
>
> I can't see S-A-N within the .pfx?
>

'openssl pkcs12' doesn't display details of the cert(s), or key(s),
within the pkcs12 file. It just inserts or extracts them as complete units.

You can use
  openssl pkcs12 -in $file -nokeys -out tempcert
  # -clcerts would be needed if you put chain
  # or CA certs in but in this case you didn't
to get the certificate (back) out, and then look at it,
or just compare it to the known-good one you put in.

You can combine these steps with a pipe:
  openssl pkcs12 -in $file -nokeys | openssl x509 -text -noout

Perhaps better for you, Java can display directly:
  keytool -list -v -keystore $file -storetype pkcs12
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
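
The check described in the reply above, as an added example that is not part of the original thread: it builds a throwaway self-signed certificate with a SAN, exports it with the same `openssl pkcs12 -export` options, extracts the certificate again with `-nokeys`, and confirms that the fingerprint and the SAN are unchanged. The function name, the temporary config file and the `example.internal` hostnames are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: confirm a SAN survives a round trip through a PKCS#12 file.
# All names and hostnames below are constructed test data.
san_survives_pkcs12() {
    work=$(mktemp -d) || return 1

    # Minimal config for a throwaway self-signed cert carrying a SAN.
    cat > "$work/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = server.example.internal
[ext]
subjectAltName = DNS:server.example.internal, DNS:alias.example.internal
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -config "$work/req.cnf" \
        -keyout "$work/server.key" -out "$work/server.crt" 2>/dev/null || return 1

    # Export exactly as in the thread.
    openssl pkcs12 -export -in "$work/server.crt" -inkey "$work/server.key" \
        -name tomcat -passout pass:changeit \
        -out "$work/serverkeystore.pfx" 2>/dev/null || return 1

    # Pull the certificate (no keys) back out of the container.
    openssl pkcs12 -in "$work/serverkeystore.pfx" -nokeys \
        -passin pass:changeit -out "$work/tempcert" 2>/dev/null || return 1

    # Compare against the known-good cert, then look for the SAN entry.
    fp_in=$(openssl x509 -in "$work/server.crt" -noout -fingerprint -sha256)
    fp_out=$(openssl x509 -in "$work/tempcert" -noout -fingerprint -sha256)
    san_hits=$(openssl x509 -in "$work/tempcert" -noout -text |
        grep -c 'DNS:alias.example.internal')

    rm -rf "$work"
    [ -n "$fp_in" ] && [ "$fp_in" = "$fp_out" ] && [ "$san_hits" -ge 1 ]
}

san_survives_pkcs12 && echo "SAN preserved inside the PKCS#12 file"
```

A matching SHA-256 fingerprint shows the certificate in the .pfx is byte-for-byte the one that was put in, so every extension, including the SAN, is carried along even though `openssl pkcs12 -info` does not print it.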