SOLVED (Partially): Turns out there were two issues here:
1. When generating the private key and CSR with keytool or openssl - The .p12 did not have a nickname, so when imported into the certutil database (via pk12util) certutil would create a nickname using the text name of the certificate. The solution was to add -n $NICKNAME to the openssl pkcs12 command used to create the .p12.

2. When generating the private key & CSR with certutil - The key is listed in the certutil database as orphaned even after importing the signed certificate. As a result, even though the certificate had the right name, it was not associated with a key and couldn't be used. The behavior looked like this old bug Windows certutil (https://bugzilla.mozilla.org/show_bug.cgi/show_activity.cgi?id=452391) that should have been fixed a while ago.
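A pre-import check for the first issue, as an added example that is not part of the original post: it reads the friendlyName stored in a .p12, which is the attribute the nickname comes from, so a missing one is caught before pk12util runs. It assumes OpenSSL's `-name` export option for setting that attribute; the subject, nickname `qpid-broker`, password and file names are constructed.

```shell
#!/bin/sh
# Added example: confirm a PKCS#12 file carries the expected friendlyName
# before it is imported with pk12util. All names here are constructed.

PASS=changeit   # throwaway password for the sample files

# Create a throwaway key and self-signed certificate in directory $1.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=broker.example.test" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# Export $1/key.pem and $1/cert.pem to $2; a non-empty $3 is the friendlyName.
export_p12() {
    if [ -n "$3" ]; then
        openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/cert.pem" \
            -out "$2" -passout "pass:$PASS" -name "$3"
    else
        openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/cert.pem" \
            -out "$2" -passout "pass:$PASS"
    fi
}

# Print the friendlyName stored in PKCS#12 file $1 (prints nothing if absent).
p12_friendly_name() {
    openssl pkcs12 -in "$1" -nokeys -passin "pass:$PASS" 2>/dev/null |
        sed -n 's/^ *friendlyName: *//p' | head -n 1
}

# Succeed only if file $1 carries exactly the nickname $2.
check_p12_nickname() {
    [ "$(p12_friendly_name "$1")" = "$2" ]
}

demo() {
    dir=$(mktemp -d) || return 1
    make_sample_cert "$dir" || return 1
    export_p12 "$dir" "$dir/named.p12" "qpid-broker"
    export_p12 "$dir" "$dir/unnamed.p12" ""
    for f in named unnamed; do
        if check_p12_nickname "$dir/$f.p12" "qpid-broker"; then
            echo "$f.p12: nickname ok"
        else
            echo "$f.p12: no matching friendlyName, fix before import"
        fi
    done
    rm -rf "$dir"
}
demo
```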
