pkcs12 oddity

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

pkcs12 oddity

Jan Just Keijser-2
hi list,

we just ran into an "openssl pkcs12" oddity with various versions of
openssl (e.g. 1.0.1e from Fedora):

$ cat usercert.pem userkey.pem | openssl pkcs12 -export -out blah.p12
Enter pass phrase:
unable to load certificates

i.e. fails, but this works:

$ cat  userkey.pem usercert.pem | openssl pkcs12 -export -out blah.p12
Enter pass phrase:
Enter Export Password:
Verifying - Enter Export Password:

this works: it seems the private key must always be listed first!
However, the man page for pkcs12 states:

        -in filename
            The filename to read certificates and private keys from, standard input by default.  They must all be in
            PEM format. The order doesn't matter but one private key and its corresponding certificate should be
            present. If additional certificates are present they will also be included in the PKCS#12 file.

so, what am I doing wrong here? (the command listed above is not the
actual command we want to use, but it does bring out the problem very

thanks for any help and pointers,

JJK / Jan Just Keijser

openssl-users mailing list
To unsubscribe: