Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Using -password flag to import cert, failed

1,541 views
Skip to first unread message

Dr. Stephen Henson

unread,
Dec 17, 2003, 7:35:31 PM12/17/03
to
On Wed, Dec 17, 2003, Jana Nguyen wrote:

> Hi,
>
> Is there a way to convert the .p12 file to import the certificate into a
> .pem file, in one command, including the password to import? I've tried
> the -password flag with the pkcs12 command, but did not work. Example,
> below:
>
> 53> openssl pkcs12 -in SignatureKey.p12 -clcerts -nokeys -out
> cert.pem -password testing123
>
> Invalid password argument "testing123"
> Error getting passwords
>
> The -password flag doesn't seem to be recognized. Is there a work around
> to include the password to import the certificate in one command line?
>

It is recognized you are using an invalid syntax. The syntax from the
-password (and similar) command line switches is described in the manual
pages.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openss...@openssl.org
Automated List Manager majo...@openssl.org

Jana Nguyen

unread,
Dec 17, 2003, 7:43:36 PM12/17/03
to
Hmm, the manual output below. Neither the -password, or the -passin, and
-passout flag works.

52> openssl pkcs12 -help

Usage: pkcs12 [options]
where options are
-export output PKCS12 file
-inkey file private key if not infile
-certfile f add all certs in f
-nomacver don't verify MAC.
-nocerts don't output certificates.
-clcerts only output client certificates.
-cacerts only output CA certificates.
-nokeys don't output private keys.
-maciter use MAC iteration
-twopass separate MAC, encryption passwords
-password p set import/export password source
-passin p input file pass phrase source
-passout p output file pass phrase source

--On Thursday, December 18, 2003 1:35 AM +0100 "Dr. Stephen Henson"

Dr. Stephen Henson

unread,
Dec 17, 2003, 8:05:30 PM12/17/03
to
On Wed, Dec 17, 2003, Jana Nguyen wrote:

> Hmm, the manual output below. Neither the -password, or the -passin, and
> -passout flag works.
>
> 52> openssl pkcs12 -help
>
> Usage: pkcs12 [options]
> where options are
> -export output PKCS12 file
> -inkey file private key if not infile
> -certfile f add all certs in f
> -nomacver don't verify MAC.
> -nocerts don't output certificates.
> -clcerts only output client certificates.
> -cacerts only output CA certificates.
> -nokeys don't output private keys.
> -maciter use MAC iteration
> -twopass separate MAC, encryption passwords
> -password p set import/export password source
> -passin p input file pass phrase source
> -passout p output file pass phrase source
>

That's the usage message not the manual page. The manual pages are in doc/apps
in the OpenSSL distribution or online. See:

http://www.openssl.org/docs/apps/openssl.html#PASS_PHRASE_ARGUMENTS

These are saying that you don't just give the passphrase as an argument you
need pass:XXXX where XXXX is the passphrase or various other options described
there.

0 new messages