How to create a "restorable" PKCS#12 file for Netscape 6

Wed, 17 Oct 2001 21:37:23 -0700 


Hi All, I am new to this mailing list.
Maybe this is a FAQ but I couldn't find an answer from..

  I have my own CA (for servlet developping purpose) and created a
client cert, named "usercert.pem" and "userkey.pem", signed by the
CA's cert. From these files, I created a PKCS#12 format cert file
with:

        # openssl pkcs12 -export -in usercert.pem -inkey userkey.pem \
          -out user.p12

  The "user.p12" is importable for IE5.x, IE6, and Netscape 4.x. But
not for Netscape 6. Actually, Netscape 6 has no "import a
certification" dialog/menu or something like that, it has certificate
backup/restore button instead. I used "restore" button to import the
"user.p12", but Netscape 6 said that failed restoring the "user.p12"
:-<

  So, followings are what I did for using the "user.p12" in Netscape 6:

1. Import the "user.p12" into Netscape 4.x.
2. Export the certificate from Netscape 4.x, named "userX.p12".
3. Restore the "userX.p12" into Netscape 6 via the "restore" button.

  Dose anyone know proper openssl command line option(s) to create a
"Netscape 6 importable" PKCS#12 certificate ? Any informations are
welcome.

FYI, following is result of "openssl pkcs12 -info -in userX.p12",
hope this might help..
-------------------- start --------------------
MAC Iteration 1
MAC verified OK
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 1
Bag Attributes
    friendlyName: Heita
    localKeyID: .... SNIP ....
Key Attributes: <No Attributes>
Enter PEM pass phrase:
Verifying password - Enter PEM pass phrase:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC, .... SNIP ....

        .... SNIP ....

-----END RSA PRIVATE KEY-----
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 1
Certificate bag
Bag Attributes
    friendlyName: Heita
    localKeyID: .... SNIP ....
subject=/C=JP/  .... SNIP ....
issuer= /C=JP/  .... SNIP ....
-----BEGIN CERTIFICATE-----

        .... SNIP ....

-----END CERTIFICATE-----
-------------------- end --------------------

Regards,
---
m-hirano
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to