Craig Dunigan wrote: > I created the pkcs12 file thusly: > > openssl pkcs12 -export -nodes -out domain_cert.p12 -inkey <pem encoded > private key used to create wildcard csr> -in <pem encoded cert returned > from CA>
I did the following using similar files as you: openssl pkcs12 -export -nodes -out test.p12 -inkey key.pem -in cert.pem then I ran pk12util -l to list the contents which worked fine: /public/linux-dev/nss/bin/pk12util -l test.p12 for testing purposes I created a new db: /public/linux-dev/nss/bin/certutil -N -d . tried to import it: /public/linux-dev/nss/bin/pk12util -i test.p12 -d . Enter password for PKCS12 file: pk12util: no nickname for cert...not handled OpenSSL didn't set a friendly name for the cert. I went back and re-created the p12 with the appropriate option to set a friendly name: openssl pkcs12 -export -nodes -out test.p12 -inkey key.pem -in cert.pem -name "Testing" then I tried to import it again: /public/linux-dev/nss/bin/pk12util -i test.p12 -d . Enter password for PKCS12 file: pk12util: PKCS12 IMPORT SUCCESSFUL verify import: /public/linux-dev/nss/bin/certutil -L -d . Testing u,u,u > Is there some way to make pk12util at least give me some hint as to > what's wrong with the syntax I'm trying? I'm getting frustrated with > the less than helpful repetition of the usage message. Thanks in advance, I think I'm using NSS 3.11.5. Maybe try setting a friendly name? Dave _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
