[Openswan Users] Help regarding Certificate Authority

Peter McGill petermcgill at goco.net
Mon Apr 7 10:29:14 EDT 2008


Are you the client or is it someone else?
If it's you, then you should have a copy of the key either in the certificate request file,
or in a separate key file. You may also have this if you generated the initial request
for the client. However if the client generated and sent you the request themselves,
they most likely (and should not have) sent you the key.
 
If you do not have the key, you cannot use pkcs12; pkcs12 is for protecting the key
during transmission. Since the key is the only secret part, the cert is safe for others
to read (they cannot use it without the key). You may simply instead send them
the newcert.pem file (if they already have the key) which they can then use.
 
Peter McGill
 


  _____  

From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On Behalf Of Suman S
Sent: April 7, 2008 12:56 AM
To: users at openswan.org; sagar at nt.com.np
Subject: [Openswan Users] Help regarding Certificate Authority



Hello,
I have already posted this mail to the group, but as I couldn't get enough help I am posting this once again.

As I am new to Certificate Authorization, I am in need of some help desperately.
My problem is that the documentation works fine, but lastly, while exporting to p12 format, it says unable to load private key....


root at test:/usr/sslca# openssl pkcs12 -export -in newcert.pem -inkey newreq.pem -certfile demoCA/cacert.pem -out ca.p12

The output says:

unable to load private key

Again, after getting some suggestions from the forum, I did the following, but again got an error:

root at test:/usr/sslca# openssl pkcs12 -export -in newcert.pem -inkey newkey.pem -certfile demoCA/cacert.pem -out ca.p12

Enter pass phrase for newkey.pem:

No certificate matches private key
So I am not able to continue. I am in great trouble, as my client validity expires in the next few days and I have to renew that.
So do help me out to sort this problem.
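
A pre-flight check for the two errors in this thread, added here as an example (not part of the original messages): it compares the public key inside a certificate with the one derived from a candidate key file before openssl pkcs12 -export is run. The function names and the files a.key, b.key, a.csr and a.crt are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide whether a key file can be paired with a certificate
# before attempting `openssl pkcs12 -export`.

# Print the public key (PEM) derived from a private-key file. Fails when the
# file holds no private key, e.g. a file containing only a certificate request.
# For a passphrase-protected key, openssl prompts for the passphrase.
pub_from_key() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Print the public key (PEM) embedded in a certificate.
pub_from_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# p12_preflight CERT KEYFILE
# Prints one of: ok, bad-cert, no-private-key, mismatch. Returns 0 only for ok.
#   no-private-key corresponds to "unable to load private key"
#   mismatch       corresponds to "No certificate matches private key"
p12_preflight() {
    cert_pub=$(pub_from_cert "$1") || { echo bad-cert; return 1; }
    key_pub=$(pub_from_key "$2") || { echo no-private-key; return 1; }
    if [ "$cert_pub" = "$key_pub" ]; then
        echo ok
    else
        echo mismatch
        return 1
    fi
}

# Constructed sample material: two unrelated keys, plus a request and a
# self-signed certificate that both belong to a.key.
make_samples() {
    d=$1
    openssl genrsa -out "$d/a.key" 2048 2>/dev/null
    openssl genrsa -out "$d/b.key" 2048 2>/dev/null
    openssl req -new -key "$d/a.key" -subj "/CN=constructed-client" \
        -out "$d/a.csr" 2>/dev/null
    openssl req -x509 -new -key "$d/a.key" -subj "/CN=constructed-client" \
        -days 1 -out "$d/a.crt" 2>/dev/null
}

# Run with the argument "demo" to see all three outcomes.
if [ "${1:-}" = demo ]; then
    tmp=$(mktemp -d) && make_samples "$tmp"
    p12_preflight "$tmp/a.crt" "$tmp/a.key"   # matching key
    p12_preflight "$tmp/a.crt" "$tmp/a.csr"   # request file, no key inside
    p12_preflight "$tmp/a.crt" "$tmp/b.key"   # key of a different pair
    rm -rf "$tmp"
fi
```

Only the certificate and the derived public key are compared, so the check can be run on the CA side against newcert.pem without the private key ever leaving the client, provided the client sends the output of pub_from_key.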


