[EMAIL PROTECTED] wrote, On 2008-02-09 08:04: > Hello, > > I'm stuck trying to export a private key generated by Firefox in the > process of obtaining a certificate. I received the corresponding > certificate in PEM format by email, but it has not yet been imported.
It's unclear whether you're ultimately trying to export a private key, or are trying to import a cert for that private key. > Indeed, the problem seems to be that I can't import it because Firefox > wants it in the PKCS12 format No, Firefox will happily import a cert file in any of several formats. It will only import or export private keys in PKCS#12 files, and those files must also include certificates corresponding to their respective private keys. > and I cannot create a PKCS12 bundle for > it because I lack the private key file Right. If your ultimate goal is to import the cert file into the browser then just do that, and you're done. No need to make any PKCS#12 files to do that. There are several ways to do it. Since you're already familiar with certutil, then one of the commands certutil -A or certutil -E is what you need, depending on if the cert is an email cert (-E) or not (-A). Be sure your browser is not running whenever you use certutil on your browser's DB files. > I looked at pk12util as a > means of exporting it, but I couldn't figure out how to get it to > export just this private key. It seems to require the certificate to > be already imported. Right. If your ultimate goal is to export the private key from the browser, then the steps you need to follow are: a) import the cert into the browser as described above, and then b) export the private key (with the cert) using the browser or using pk12util. Probably will be easiest to use the browser's built-in "cert backup" feature, which makes a PKCS#12 file. If you use pk12util, be sure your browser is not running when you do so. /Nelson _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
