Re: I m trying to merge key and certificate using pkcs12
On Fri, Feb 18, 2011 at 01:22:44AM -0800, kalpesh07 wrote:
> I am trying to create digital signature for pdf document by openssl commands
> from php file.
> I write these two commands first in php file
> exec("openssl req -x509 -nodes -days 365 -subj
> '/C=In/ST=Mumbai/L=Maharashtra/CN=www.kalpesh.com' -newkey rsa:1024 -keyout
> openssl_key.pem -out openssl_crt.pem");
This command should probably at the very least set a umask of 077 to
protect the key. Alternatively, it should encrypt the key. The key generation
step is usually best done separately from the generation of the self-signed
This command requires a pass-phrase to encrypt the PKCS#12 container.
> exec("openssl pkcs12 -in openssl_key_crt.p12 -out openssl_key_crt_enc.pem");
> I successfully created openssl_key.pem and openssl_crt.pem files
> But openssl_key_crt.p12 and openssl_key_crt_enc.pem comes blank.
> Is there something wrong i am doing?
Not providing all the required inputs to the pkcs12 commands.
> How should i create digital signature using openssl on the fly for users in
> my site.
Carefully and securely. What is the purpose of these digital signatures?
Why are signatures under a self-signed certificate any better than
no signatures? It seems that the real issue is at a higher level
than your difficulty with using the pkcs12 command. What is your