[openssl-users] Cannot read exported PKCS12 cert and private key
Viktor Dukhovni
openssl-users at dukhovni.org
Sat Apr 29 04:03:45 UTC 2017
On Mon, Mar 13, 2017 at 02:27:39AM -0700, Gary L Peskin wrote:
> I exported a certificate and corresponding private key in base 64 encoded
> DER format
For the record, there is no such thing as base64-encoded DER format.
DER a binary encoding of ASN.1. A format would be particular ASN.1
structure, which can be encoded as DER, or in many cases as PEM.
OpenSSL has no PEM encoding for PKCS#12 objects. These are supported
only in DER-encoded form.
> I tried to read it using OpenSSL 1.0.2k
You gave it a PEM header that would be appropriate for a single
X.509 certificate, but the enclosed object is PKCS#12, not X.509.
> 15956:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong
> tag:.\crypto\asn1\tasn_dec.c:1199:
This is expected. I'm attaching the corresponding binary PKCS#12
file. You should be able to decode that with the appropriate
passphrase.
--
Viktor.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: CACTEST_CA.p12
Type: application/octet-stream
Size: 2572 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170429/6fe6ad13/attachment.obj>
More information about the openssl-users
mailing list