[openssl-users] pkcs12 oddity
Jan Just Keijser
janjust at nikhef.nl
Sat Feb 13 23:55:38 UTC 2016
hi list,
we just ran into an "openssl pkcs12" oddity with various versions of
openssl (e.g. 1.0.1e from Fedora):
$ cat usercert.pem userkey.pem | openssl pkcs12 -export -out blah.p12
Enter pass phrase:
unable to load certificates
i.e. fails, but this works:
$ cat userkey.pem usercert.pem | openssl pkcs12 -export -out blah.p12
Enter pass phrase:
Enter Export Password:
Verifying - Enter Export Password:
this works: it seems the private key must always be listed first!
However, the man page for pkcs12 states:
-in filename
The filename to read certificates and private keys from, standard input by default. They must all be in
PEM format. The order doesn't matter but one private key and its corresponding certificate should be
present. If additional certificates are present they will also be included in the PKCS#12 file.
so, what am I doing wrong here? (the command listed above is not the
actual command we want to use, but it does bring out the problem very
nicely)
thanks for any help and pointers,
JJK / Jan Just Keijser
More information about the openssl-users
mailing list