Note: This archive passes through spamassassin. Every mail marked with the subject "*****SPAM*****" has exceed a certain threshold of spam-like behaviour.

Re: [Users] can't import openssl PKCS12 certificates/private keys with softpk client

From: Andreas Steffen (andreas.steffen_at_zhwin.ch)
Date: Fri Mar 15 2002 - 23:37:53 CET

Next message: D. Hugh Redelmeier: "Re: [Users] Re: [Bugs] Pluto problem reporting is messed up twice"
Previous message: Daniel Baker: "[Users] W2K Road Warrior to Dachstein Leaf VPN W/ out Certs... Query."
In reply to: Doug Wilson: "[Users] can't import openssl PKCS12 certificates/private keys with softpk client"
Next in thread: Doug Wilson: "Re: [Users] can't import openssl PKCS12 certificates/private keys with softpk client"
Reply: Doug Wilson: "Re: [Users] can't import openssl PKCS12 certificates/private keys with softpk client"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I checked the private key and both the user and CA certificates with openssl
and could not detect any fault. But I have the strong suspicion that Soft-PK
does not support 2048 bit private keys. Generate a user certificate with a
1024 bit private/public key pair and try again. You can keep the CA cert
since I know from personal experience that 2048 bit RSA signatures are
supported.

Andreas

Doug Wilson wrote:
>
> I'm getting the following error message when trying to import openssl
> PKCS12 x509 certs/private keys into softpk.
>
> 'Unable to import key from personal certificate file.'
>
> This appears to be the same problem Morten Troen wrote about and Andreas
> Steffen responded to in:
>
> http://www.sandelman.ottawa.on.ca/linux-ipsec/html/2001/09/msg00373.html
>
> I've tried Andreas Steffen's suggestion of examining the contents of my PKCS12 file with
>
> openssl pkcs12 -in test3Cert.p12 -nodes -out test3Cert1.pem
>
> and it appears to have all the bags ... host certificate, CA certificate, private key.
>
> I'm attaching the test3Cert1.pem file.
>
> Does anyone know why softpk would refuse to import test3Cert.p12?
>
> P.S.- Thanks to FreeS/WAN and this very helpful list my linux road-warrior can IPSEC! Now I just need to find a way to get my Windows road-warriors up.
>
> Thanks very much for any insights.
>
> --
> -----------------------------------------------------------
> Doug Wilson
> Project Director - Information Systems
> Virtual Technology Corporation
> 703-658-7050
> dwilson_at_virtc.com
>

======================================================================
Andreas Steffen e-mail: andreas.steffen_at_zhwin.ch
Zuercher Hochschule Winterthur home: http://www.zhwin.ch/~sna/
CH-8401 Winterthur (Switzerland) phone: +41 76 340 25 56
===============================================================[ZHW]==
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

Next message: D. Hugh Redelmeier: "Re: [Users] Re: [Bugs] Pluto problem reporting is messed up twice"
Previous message: Daniel Baker: "[Users] W2K Road Warrior to Dachstein Leaf VPN W/ out Certs... Query."
In reply to: Doug Wilson: "[Users] can't import openssl PKCS12 certificates/private keys with softpk client"
Next in thread: Doug Wilson: "Re: [Users] can't import openssl PKCS12 certificates/private keys with softpk client"
Reply: Doug Wilson: "Re: [Users] can't import openssl PKCS12 certificates/private keys with softpk client"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:44 CEST