<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.6000.16608" name=GENERATOR></HEAD>
<BODY>
<DIV dir=ltr align=left><SPAN class=278351514-07042008><FONT face=Arial
color=#0000ff size=2>Are you the client or is it someone
else?</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=278351514-07042008><FONT face=Arial
color=#0000ff size=2>If it's you, then you should have a copy of the key either
in the certificate request file,</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=278351514-07042008><FONT face=Arial
color=#0000ff size=2>or in a separate key file. You'll may also have this if you
generated the initial request</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=278351514-07042008><FONT face=Arial
color=#0000ff size=2>for the client. However if the client generated and sent
you the request themselves,</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=278351514-07042008><FONT face=Arial
color=#0000ff size=2>they most likely (and should not have) sent you the
key.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=278351514-07042008><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=278351514-07042008><FONT face=Arial
color=#0000ff size=2>If you do not have the key, you cannot use pkcs12, pkcs12
is for protecting the key</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=278351514-07042008><FONT face=Arial
color=#0000ff size=2>during transmission. Since the key is the only secret part,
the cert is safe for others</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=278351514-07042008><FONT face=Arial
color=#0000ff size=2>to read (they cannot use it without the key.) You may
simply instead send them</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=278351514-07042008><FONT face=Arial
color=#0000ff size=2>the newcert.pem file (if they already have the key) which
they can then use.</FONT></SPAN></DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV>
<DIV align=left><FONT face=Arial size=2>Peter McGill</FONT></DIV>
<DIV> </DIV><BR>
<BLOCKQUOTE
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> users-bounces@openswan.org
[mailto:users-bounces@openswan.org] <B>On Behalf Of </B>Suman
S<BR><B>Sent:</B> April 7, 2008 12:56 AM<BR><B>To:</B> users@openswan.org;
sagar@nt.com.np<BR><B>Subject:</B> [Openswan Users] Help regarding Certificate
Authority<BR></FONT><BR></DIV>
<DIV></DIV><BR>Hello <BR>I have already posted this mail to the group , bu t
as i couldnt get enough help i am posting this once again.<BR><BR>As i am new
to Certificate Authorization so i am in need of some help
desperately.<BR>my problem is that the documentation works fine but
lastly while exporting to p12 format . it says unable to load private
key....<BR><BR><BR>root@test:/usr/sslca# openssl pkcs12 -export -in
newcert.pem -inkey newreq.pem -certfile demoCA/cacert.pem -out
ca.p12<BR><BR>the output
says..................<BR>....................................................<BR>unable
to load private
key<BR>...............................................<BR> again after
getting some suggestion from the forum, i did like following but again
got error.. <BR><BR>root@test:/usr/sslca# openssl pkcs12 -export -in
newcert.pem -inkey newkey.pem -certfile demoCA/cacert.pem -out
ca.p12<BR><BR>Enter pass phrase for newkey.pem:<BR><BR>No certificate matches
private key<BR>so i am not able to continue.I am in great trouble as i my
client validity expires in next few day and i have to renew that.<BR>so do
help me out to sort this problem.<BR><BR></BLOCKQUOTE></BODY></HTML>