Hi I'm wondering if anyone could enlighten me on why the PKCS#12 exported certificate from Firefox under Ubuntu isn't identical to the certificate that I can generate from OpenSSL like this:
$ openssl pkcs12 -in yourCertificate.p12 -out yourCertificate.pem $ openssl pkcs12 -export -in yourCertificate.pem -out youCertificateFixed.p12 Does the NSS implementation of ASN.1 differ from OpenSSL implementation, or why wouldn't the results be identical? The reason is the difference in length, where the orginal pkcs#12 exported from Firefox isn't compatible with Mono. We described it a bit here: http://monoexperiences.wordpress.com/2009/10/16/working-with-pkcs12-in-mono/ and the Mono bug is described here: https://bugzilla.novell.com/show_bug.cgi?id=316337 While it clearly seems like a issue with Mono's implementation, it's rather critical for the use of certifications on the Linux platform, where there isn't a centralised certification manager, and thus forcing us to be relying on the browsers. And since Firefox is defacto browser under Ubuntu and OSX, I really want to be sure there isn't a easier work around, like using NSS to export a X.509 certificate instead of PKCS#12 when exporting personal certificates. Sincerely Claus Jørgensen, www.clausjoergensen.dk Mobile: +45 30 13 27 32
-- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
