nseq vs Thawte freemail certificates

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

nseq vs Thawte freemail certificates

Joachim Buechse
Good day!

I am trying to extract my private key from a file downloaded from
Thawtes "Personal Freemail" certificate service. (Thawte creates the
private key for the user to simplify the process).

The file (with the meaningfull name deliver.exe) seems to be a Netscape
Certificate Sequence in DER format. After some basic steps to convert
it to PEM openssl nseq can convert it into a sequence of three PEM
encoded certificates. The first one being my own certificate. I can
view each of these 3 extracted certificates with openssl x509 but it
seems my private key gets lost in the conversion process.

I am running out of ideas... Any hits? Anyone else using Thawte
"Personal Freemail" certificates?

Best regards,
Joachim

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: nseq vs Thawte freemail certificates

David C. Partridge
I've not been there, but is it possible that this is a PKCS#12 bag?

Dave


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: nseq vs Thawte freemail certificates

Morgan Collett
In reply to this post by Joachim Buechse
Hi Joachim,

On 6/16/05, Joachim Buechse <[hidden email]> wrote:

> Good day!
>
> I am trying to extract my private key from a file downloaded from
> Thawtes "Personal Freemail" certificate service. (Thawte creates the
> private key for the user to simplify the process).
>
> The file (with the meaningfull name deliver.exe) seems to be a Netscape
> Certificate Sequence in DER format. After some basic steps to convert
> it to PEM openssl nseq can convert it into a sequence of three PEM
> encoded certificates. The first one being my own certificate. I can
> view each of these 3 extracted certificates with openssl x509 but it
> seems my private key gets lost in the conversion process.

The file from Thawte does not contain your private key. To get the
private key you need to install the certificate in your browser and
then export it.

Regards
Morgan
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: nseq vs Thawte freemail certificates

Joachim Buechse
In reply to this post by Joachim Buechse
It was not the private key that got lost but me...

The private and public key are created locally - thanks to Bernhard
Froehlich for pointing this out in a private email. The private key is
never send to Thawte and hence it can not possibly be in the
deliver.exe file.

The local key generation by the browser is triggered via the (netscape
specific?) KEYGEN tag in an html form presented by Thawte.

Thanks for all the hints,
Joachim

PS: I am back at square one - I have to get my private key out of
Apples propietary keychain but that is different story:-)

Am 16.06.2005 um 11:43 schrieb Joachim Buechse:

> Good day!
>
> I am trying to extract my private key from a file downloaded from
> Thawtes "Personal Freemail" certificate service. (Thawte creates the
> private key for the user to simplify the process).
>
> The file (with the meaningfull name deliver.exe) seems to be a
> Netscape Certificate Sequence in DER format. After some basic steps to
> convert it to PEM openssl nseq can convert it into a sequence of three
> PEM encoded certificates. The first one being my own certificate. I
> can view each of these 3 extracted certificates with openssl x509 but
> it seems my private key gets lost in the conversion process.
>
> I am running out of ideas... Any hits? Anyone else using Thawte
> "Personal Freemail" certificates?
>
> Best regards,
> Joachim
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [hidden email]
> Automated List Manager                           [hidden email]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]