[EXTERNAL] Problems importing keys and certs in Android.

Fri Mar 10 10:15:03 UTC 2023

Maybe these versions of Android can only handle the "legacy" algorithms?
Try adding the "-legacy" option when creating the PKCS#12 files.

On Fri, Mar 10, 2023 at 11:11 AM clement.legoffic at kelio.com <
clement.legoffic at kelio.com> wrote:

> Hello
>
>
>
> I am using openssl to create my certificates for a 802.1X environnment
> with a freeradius server.
>
> I use the freeradius Makefile to generate my keys and certs :
>
>
>
>
> https://github.com/FreeRADIUS/freeradius-server/blob/v3.2.x/raddb/certs/Makefile
> <https://urldefense.com/v3/__https://github.com/FreeRADIUS/freeradius-server/blob/v3.2.x/raddb/certs/Makefile__;!!BN3BN5aqUA!7oHKFONz_mQzi19g08SqWx0HXNHo73zc8e_3wzOvm7cmvHHrlNrE_ZPxGrs1j8ApofUkTcN09znNGna9Giln4Lqzl_3fDEQ$>
>
>
>
> The Makefile works well and certificates too, I am able to authenticate to
> my Freeradius server with a embedded Linux device that has the ca cert and
> client cert installed.
>
>
>
> I need to make my solution working with Android device.
>
>
>
> So I use the p12 file generated by the Makefile on my Android phone (it
> contains the same priv key and certificates used by the embedded linux
> device)
>
> The fact is that I cannot import my p12 file in either an Android 10
> neither on an Android 13.
>
>
>
> After asking the freeradius mailing list that told me the p12 file is
> working well, I was wondering if the error has already been encounter by
> openssl users
>
>
>
> So, do you ever had problems importing p12 or cert/key file on android ?
>
>
>
> Thanks
>
>
> Ce message et toutes les pieces jointes (ci-apres le "message") sont
> etablis a l'intention exclusive de ses destinataires.
> Si vous recevez ce message par erreur, merci de le detruire et d'en
> avertir immediatement l'expediteur par e-mail.
> Toute utilisation de ce message non conforme a sa destination, toute
> diffusion ou toute publication, totale ou partielle, est interdite, sauf
> autorisation expresse. Les communications sur Internet n'etant pas
> securisees, l'expediteur informe qu'il ne peut accepter aucune
> responsabilite quant au contenu de ce message.
> This mail message and attachments (the "message") are solely intended for
> the addresses. It is confidential in nature.
> If you receive this message in error, please delete it and immediately
> notify the sender by e-mail.
> Any use other than its intended purpose, dissemination or disclosure,
> either whole or partial, is prohibited except if formal approval is
> granted. As communication on the Internet is not secure, the sender does
> not accept responsibility for the content of this message.
>

-- 
Cordialement,
Erwann Abalea.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20230310/2580762d/attachment.htm>