|
|
is this the *entire* pkcs12 output? if so, then there's no private key in the p12 file and that would explain the error. If you did remove it for security reasons I completely agree and understand, but I must want to make sure... A last thing that could be wrong with this p12 file is that the public cert and private key do not match. It is possible to verify this, but only if you also have the private key included (section '-----BEGIN RSA PRIVATE KEY-----'). Try openssl pkcs12 -in charite.p12 -out blah openssl x509 -noout -text -in blah look for the section 'Modulus:' in the output. then compare this to openssl rsa -noout -text -in blah and verify that the 'modulus' sections are identical. If so, then this public cert and private key belong together. Otherwise, your p12 is corrupt. HTH, JJK Ralf Hildebrandt wrote: > * Jan Just Keijser <janjust@xxxxxxxxx>: > >> and >> openssl pkcs12 -info -in charite.p12 >> ? >> > > Enter Import Password: > MAC Iteration 2048 > MAC verified OK > PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048 > Certificate bag > Bag Attributes > localKeyID: AF A1 50 79 71 FE 9A 32 29 4E 5E 43 4B 13 93 82 DF B1 > 78 55 > subject=/C=DE/ST=Berlin/L=Berlin/O=Charite-VPN/CN=infoteam.vpn.charite.de/emailAddress=vpn-admin@xxxxxxxxxx > issuer=/C=DE/ST=BERLIN/L=BERLIN/O=OpenVPN-Charite/CN=OpenVPN-Charite-CA/emailAddress=einwahl-admin@xxxxxxxxxx > -----BEGIN CERTIFICATE----- > MIID3DCCA0WgAwIBAgICDkkwDQYJKoZIhvcNAQEFBQAwgY8xCzAJBgNVBAYTAkRF > MQ8wDQYDVQQIEwZCRVJMSU4xDzANBgNVBAcTBkJFUkxJTjEYMBYGA1UEChMPT3Bl > blZQTi1DaGFyaXRlMRswGQYDVQQDExJPcGVuVlBOLUNoYXJpdGUtQ0ExJzAlBgkq > hkiG9w0BCQEWGGVpbndhaGwtYWRtaW5AY2hhcml0ZS5kZTAeFw0wODAxMjkxMjMw > MzhaFw0xODAxMjYxMjMwMzhaMIGMMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVy > bGluMQ8wDQYDVQQHEwZCZXJsaW4xFDASBgNVBAoTC0NoYXJpdGUtVlBOMSAwHgYD > VQQDExdpbmZvdGVhbS52cG4uY2hhcml0ZS5kZTEjMCEGCSqGSIb3DQEJARYUdnBu > LWFkbWluQGNoYXJpdGUuZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPzu > IoH9gV9ETCXFYws++nJ/+NnaM8LZ3G6ZwoMVw/bU9CKEn50U5+aoQS69K+DPR0ML > oDNQuFRoCTrBc1c1vyerTUIFOqm4TVvOcwNbuYPfUwqqsPp0xkfOCEIrG2jrcv1m > A4M2Zue4Is+N3nv6SkGQcm/6zKgQx2qc2PkAxSdJAgMBAAGjggFGMIIBQjAJBgNV > HRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlm > aWNhdGUwHQYDVR0OBBYEFHF60dL5dc0Rs/tSTmrpHJHJv/4UMIHEBgNVHSMEgbww > gbmAFAsp3+AJPb5TbjJRCy9VD5Lk1f/foYGVpIGSMIGPMQswCQYDVQQGEwJERTEP > MA0GA1UECBMGQkVSTElOMQ8wDQYDVQQHEwZCRVJMSU4xGDAWBgNVBAoTD09wZW5W > UE4tQ2hhcml0ZTEbMBkGA1UEAxMST3BlblZQTi1DaGFyaXRlLUNBMScwJQYJKoZI > hvcNAQkBFhhlaW53YWhsLWFkbWluQGNoYXJpdGUuZGWCCQCwklYfsFdZ1jATBgNV > HSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwDQYJKoZIhvcNAQEFBQADgYEA > OLo4xp4J84yar+JZtDO9tdcasuGhWM59v9cC5pgbq73cVpjMNpCzPVDUK2pa9Sop > bBDl2Y8uscH8n6reT4hCo07y0uZHnN1K30PmL6Gti/JU/rjNoeMeGu3MDSpu/lJ8 > XkaRfvAh6TsyBylsg4AynGJ+OJTL0yoptU3rPMBsY30= > -----END CERTIFICATE----- > Certificate bag > Bag Attributes: <No Attributes> > subject=/C=DE/ST=BERLIN/L=BERLIN/O=OpenVPN-Charite/CN=OpenVPN-Charite-CA/emailAddress=einwahl-admin@xxxxxxxxxx > issuer=/C=DE/ST=BERLIN/L=BERLIN/O=OpenVPN-Charite/CN=OpenVPN-Charite-CA/emailAddress=einwahl-admin@xxxxxxxxxx > -----BEGIN CERTIFICATE----- > MIIDljCCAv+gAwIBAgIJALCSVh+wV1nWMA0GCSqGSIb3DQEBBAUAMIGPMQswCQYD > VQQGEwJERTEPMA0GA1UECBMGQkVSTElOMQ8wDQYDVQQHEwZCRVJMSU4xGDAWBgNV > BAoTD09wZW5WUE4tQ2hhcml0ZTEbMBkGA1UEAxMST3BlblZQTi1DaGFyaXRlLUNB > MScwJQYJKoZIhvcNAQkBFhhlaW53YWhsLWFkbWluQGNoYXJpdGUuZGUwHhcNMDUw > OTA3MTMzNTMzWhcNMTUwOTA1MTMzNTMzWjCBjzELMAkGA1UEBhMCREUxDzANBgNV > BAgTBkJFUkxJTjEPMA0GA1UEBxMGQkVSTElOMRgwFgYDVQQKEw9PcGVuVlBOLUNo > YXJpdGUxGzAZBgNVBAMTEk9wZW5WUE4tQ2hhcml0ZS1DQTEnMCUGCSqGSIb3DQEJ > ARYYZWlud2FobC1hZG1pbkBjaGFyaXRlLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GN > ADCBiQKBgQCT79xke89wD7KCbxy0oUsDjwyNAGbTyhnCB+0u+oY3XxdWpaY6RWyb > YVNOktZy34OE/Vp4SCprV6iYxyloMqd1iCq2bGTA5NOD6uEXieRWJ35PFujcgf1n > doAXim+FheZCHsYNR5rJ+nECdZBfUUu2TLBFh7E9ibpPK3Sb9GAjqwIDAQABo4H3 > MIH0MB0GA1UdDgQWBBQLKd/gCT2+U24yUQsvVQ+S5NX/3zCBxAYDVR0jBIG8MIG5 > gBQLKd/gCT2+U24yUQsvVQ+S5NX/36GBlaSBkjCBjzELMAkGA1UEBhMCREUxDzAN > BgNVBAgTBkJFUkxJTjEPMA0GA1UEBxMGQkVSTElOMRgwFgYDVQQKEw9PcGVuVlBO > LUNoYXJpdGUxGzAZBgNVBAMTEk9wZW5WUE4tQ2hhcml0ZS1DQTEnMCUGCSqGSIb3 > DQEJARYYZWlud2FobC1hZG1pbkBjaGFyaXRlLmRlggkAsJJWH7BXWdYwDAYDVR0T > BAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBH6BNhI8+7GCTHZhKQmywB1ZHSYDJo > 1pPcHn20gNi70bhX9ZIzziDDMkZayb1nrTOKhDhRToLuWfGI8sdeFRLSaf0mCw6J > rtWoIKWFUsRVgEyJ6K+wIUId1suyoEosI0I7RobCOSxAH6pS2O+U8Dy0PaU6DvD/ > 5xwtICd8YLwOFQ== > -----END CERTIFICATE----- > PKCS7 Data > Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048 > Bag Attributes > localKeyID: AF A1 50 79 71 FE 9A 32 29 4E 5E 43 4B 13 93 82 DF B1 > 78 55 > Key Attributes: <No Attributes> > > >> BTW, are you using the same p12 file for multiple clients? >> > > No. > > >> or is it just this particular p12 file? >> > > It's just that user on XP SP2 > > ____________________________________________ Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users Warning: require_once(../../../archive_common.php) [function.require-once]: failed to open stream: No such file or directory in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2008-02/msg00034.html on line 286 Fatal error: require_once() [function.require]: Failed opening required '../../../archive_common.php' (include_path='/usr/local/lib/php') in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2008-02/msg00034.html on line 286 |