> From: owner-openssl-users On Behalf Of Nyyr
> Sent: Tuesday, December 10, 2013 15:37

>         I received certificate from CA and it had no alias set: <snip>
(as expected; alias is local to your system and CA doesn't know it)
>         So I set alias via: <snip: x509 -setalias myalias>
>         I then exported the certificate along with my private key
> to .p12 via:
> 
> openssl pkcs12 -export -in QCA1530646_2.pem -inkey private_q.key -name
> testname -out Q20131024.p12
> 
>         and verified via:
> 
> openssl pkcs12 -in Q20131024.p12 -nokeys | openssl x509 -alias -noout
> Enter Import Password:
> MAC verified OK
> <No Alias>
> 
>         and there is no alias set!
> 
For some reason not clear to me commandline 'pkcs12 -export' discards 
any alias attached to the user cert (i.e. the one matching the privatekey). 
If you want a 'friendlyname' in PKCS12, you must use option -name --
as you did, but with a different value than you used for the alias -- 
while for a CA cert it can use either an alias or option -caname. 
Other sw that reads p12 and uses it should see friendlynames.

But if you have friendlyname(s) in PKCS12 as above (or from elsewhere), 
'pkcs12 (import)' ignores it and does not attach it to the output cert(s).
So you actually lose the alias on export AND the friendlyname on import.

Sorry. 


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
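
Added example, not part of the original message or of OpenSSL's own code: a shell check of the two behaviours the reply describes, that `-name` stores a friendlyName in the .p12 and that the thread's `x509 -alias` check on the imported output still reports no alias. The key, certificate, file names, password and function names are constructed for the example; it assumes an `openssl` binary on PATH.

```shell
#!/bin/sh
# Added example. Key, certificate, file names and password are
# constructed throwaway values, not taken from the thread.
set -eu
PASS=changeit          # placeholder export password

# Build a self-signed cert and export it with -name, as in the thread.
make_p12() {           # $1 = work dir, $2 = friendlyName
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=alias-demo" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
    openssl pkcs12 -export -in "$1/cert.pem" -inkey "$1/key.pem" \
        -name "$2" -passout "pass:$PASS" -out "$1/demo.p12"
}

# friendlyName is stored as a bag attribute; pkcs12 prints it as text
# ahead of the PEM block rather than attaching it to the certificate.
p12_friendly_name() {  # $1 = .p12 file
    openssl pkcs12 -in "$1" -nokeys -passin "pass:$PASS" 2>/dev/null |
        sed -n 's/^ *friendlyName: //p' | head -n 1
}

# What x509 sees after import: the same check used in the thread.
p12_cert_alias() {     # $1 = .p12 file
    openssl pkcs12 -in "$1" -nokeys -passin "pass:$PASS" 2>/dev/null |
        openssl x509 -alias -noout
}

demo() {
    dir=$(mktemp -d)
    make_p12 "$dir" testname
    echo "friendlyName in p12:   $(p12_friendly_name "$dir/demo.p12")"
    echo "x509 -alias on import: $(p12_cert_alias "$dir/demo.p12")"
    rm -rf "$dir"
}
demo
```

When auditing which certificate a .p12 carries, read the `Bag Attributes` text that `pkcs12` prints, not the output of `x509 -alias`.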
