pkcs12 seems to export keys even if -nokeys is used
Hi Folks This refers to openssl 0.9.6b I try to export a cacert to a pkcs12 file using openssl pkcs12 -export -inkey RufCA/private/cakey.pem -out cacerts.p12 -cacerts -nokeys -name Ruf CA Certificate RufCA/cacert.pem Maybe I havent fully understood this but the -nokey should prevent the private key to be exported. If I do openssl pkcs12 -in cacerts.p12 I still get a private key displayed. What am I missing here Thanks Erich Titl __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: pkcs12 seems to export keys even if -nokeys is used
Erich Titl wrote: Hi Folks This refers to openssl 0.9.6b I try to export a cacert to a pkcs12 file using openssl pkcs12 -export -inkey RufCA/private/cakey.pem -out cacerts.p12 -cacerts -nokeys -name Ruf CA Certificate RufCA/cacert.pem Maybe I havent fully understood this but the -nokey should prevent the private key to be exported. If I do openssl pkcs12 -in cacerts.p12 I still get a private key displayed. What am I missing here You can't use a PKCS#12 file to import a CA certificate only into a browser. Read the FAQ for more info. Steve. -- Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/ Personal Email: [EMAIL PROTECTED] Senior crypto engineer, Gemplus: http://www.gemplus.com/ Core developer of the OpenSSL project: http://www.openssl.org/ Business Email: [EMAIL PROTECTED] PGP key: via homepage. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: pkcs12 seems to export keys even if -nokeys is used
Hi Steve At 12:48 21.11.2001 +, you wrote: You can't use a PKCS#12 file to import a CA certificate only into a browser. Read the FAQ for more info. Sorry if this was pure RTFM Erich __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]