Re: exporting the certificate with the .pfx

Viktor Dukhovni <openssl-users@xxxxxxxxxxxx> · Fri, 15 Jun 2018 20:08:53 -0400

> On Jun 15, 2018, at 7:25 PM, Harold Huggins <director@xxxxxxxxxx> wrote:
> 
> We are having issues exporting the certificate with the .pfx

Works here.

$ openssl req -new -x509 -newkey rsa:1024 -nodes -keyout key.pem -out cert.pem -days 30 -subj "/CN=$(uname -n)"
Generating a 1024 bit RSA private key
............................++++++
.................................................++++++
writing new private key to 'key.pem'
-----

$ openssl pkcs12 -export -out chain.p12 -inkey key.pem -in cert.pem \
    -passout pass:foobar -certpbe aes-128-cbc -keypbe aes-128-cbc

$ openssl pkcs12 -info -in chain.p12 -passin pass:foobar -passout pass:foobar 
MAC Iteration 2048
MAC verified OK
PKCS7 Encrypted data: PBES2, PBKDF2, AES-128-CBC, Iteration 2048, PRF hmacWithSHA1
Certificate bag
Bag Attributes
    localKeyID: F7 AC 6C BE 62 B1 CC 80 C7 AC DC B4 9F 85 C6 19 C6 F7 4B 0F
subject=/CN=amnesiac.example
issuer=/CN=amnesiac.example
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
PKCS7 Data
Shrouded Keybag: PBES2, PBKDF2, AES-128-CBC, Iteration 2048, PRF hmacWithSHA1
Bag Attributes   
    localKeyID: F7 AC 6C BE 62 B1 CC 80 C7 AC DC B4 9F 85 C6 19 C6 F7 4B 0F
Key Attributes: <No Attributes>
-----BEGIN ENCRYPTED PRIVATE KEY-----
...
-----END ENCRYPTED PRIVATE KEY-----

-- 
	Viktor.

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users