First it opens the file, looks for a key in it, and then reads that key. The pkcs12 app reads things from the input file in multiple passes. So if this worked "recently", I'm intrigued! Do you know which version of OpenSSL this worked on? I tried all the way back to 1.0.1, which you mentioned in your post. I couldn't get this one-liner to work with any version of OpenSSL.

~$ openssl req -x509 -subj '/CN=' -newkey rsa:2048 -keyout src.key -out src.crt

For years, I have been using the following one-liner to alter the "CSP" setting of any given PFX, without any issue:

If not present then a private key must be present in the input file.

But, at the moment, I can't get any stdin-based form of openssl pkcs12 to actually parse input to that understanding.

If additional certificates are present they will also be included in the PKCS#12 file.

File to read private key from.

The order doesn't matter but one private key and its corresponding certificate should be present.

The filename to read certificates and private keys from, standard input by default.

This understanding is based on the documentation for -in and -inkey in man pkcs12, which reads:

My understanding is that openssl pkcs12 accepts input from stdin by default when -in is not passed: input should consist of PEM-armoured base64 objects, where at least one must be a certificate and (where -inkey is not passed) the other must be its key.

I'm running from distro-packaged versions, which appear to be based on 1.0.2g (Ubuntu Xenial) and 1.0.1e-fips (CentOS 6), so I know I'm not running latest source, and I don't want to raise a bug based on the behaviour of these older versions, without first verifying my findings and understanding (hence the question).