Re: [Openvpn-users] Error reading PKCS#12 file


  • Subject: Re: [Openvpn-users] Error reading PKCS#12 file
  • From: Jan Just Keijser <janjust@xxxxxxxxx>
  • Date: Tue, 05 Feb 2008 13:26:38 +0100

Hi Ralf,

OK, so your pkcs12 file contains a cert and a priv key that belong 
together; the p12 file seems to contain 2 certs, is that correct? Can 
you try creating a new pkcs12 with only the correct cert+priv key pair 
in it? It should not matter, as far as I understand the PKCS12 format, 
but I just want to make sure that Windows is not choking on the 2 certs 
in a single pkcs12 file.

Also, sad but true: have you tried re-installing openvpn on this box?

cheers,

JJK

Ralf Hildebrandt wrote:
> * Jan Just Keijser <janjust@xxxxxxxxx>:
>   
>> Is this the *entire* pkcs12 output? If so, then there's no private key in 
>> the p12 file and that would explain the error. If you did remove it for 
>> security reasons I completely agree and understand, but I just want to 
>> make sure...
>>     
>
> It is in there :)
>
>   
>> A last thing that could be wrong with this p12 file is that the public  
>> cert and private key do not match. It is possible to verify this, but  
>> only if you also have the private key included (section '-----BEGIN RSA  
>> PRIVATE KEY-----').
>> Try
>>  openssl pkcs12 -in charite.p12 -out blah
>>  openssl x509 -noout -text -in blah
>> Look for the section 'Modulus:' in the output. Then compare this to
>>     
>
>                 Modulus (1024 bit):
> 00:fc:ee:22:81:fd:81:5f:44:4c:25:c5:63:0b:3e:
> fa:72:7f:f8:d9:da:33:c2:d9:dc:6e:99:c2:83:15:
> c3:f6:d4:f4:22:84:9f:9d:14:e7:e6:a8:41:2e:bd:
> 2b:e0:cf:47:43:0b:a0:33:50:b8:54:68:09:3a:c1:
> 73:57:35:bf:27:ab:4d:42:05:3a:a9:b8:4d:5b:ce:
> 73:03:5b:b9:83:df:53:0a:aa:b0:fa:74:c6:47:ce:
> 08:42:2b:1b:68:eb:72:fd:66:03:83:36:66:e7:b8:
> 22:cf:8d:de:7b:fa:4a:41:90:72:6f:fa:cc:a8:10:
> c7:6a:9c:d8:f9:00:c5:27:49
>           Exponent: 65537 (0x10001)
>
>   
>>  openssl rsa -noout -text -in blah
>>     
>
> modulus:
> 00:fc:ee:22:81:fd:81:5f:44:4c:25:c5:63:0b:3e:
> fa:72:7f:f8:d9:da:33:c2:d9:dc:6e:99:c2:83:15:
> c3:f6:d4:f4:22:84:9f:9d:14:e7:e6:a8:41:2e:bd:
> 2b:e0:cf:47:43:0b:a0:33:50:b8:54:68:09:3a:c1:
> 73:57:35:bf:27:ab:4d:42:05:3a:a9:b8:4d:5b:ce:
> 73:03:5b:b9:83:df:53:0a:aa:b0:fa:74:c6:47:ce:
> 08:42:2b:1b:68:eb:72:fd:66:03:83:36:66:e7:b8:
> 22:cf:8d:de:7b:fa:4a:41:90:72:6f:fa:cc:a8:10:
> c7:6a:9c:d8:f9:00:c5:27:49
> publicExponent: 65537 (0x10001)
> 				    
>   
>> and verify that the 'modulus' sections are identical. If so, then this  
>> public cert and private key belong together. Otherwise, your p12 is 
>> corrupt.
>>     
>
> So, am I seeing a Windows-Bug?
>
>   
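
The modulus comparison discussed in this thread, as an added example that is not part of either poster's message: it checks every certificate in the bundle against the private key, using `-modulus` rather than reading the `-text` output by eye. The function names, the password `test` and the two-certificate sample bundle are constructed for illustration, and RSA keys are assumed.

```shell
#!/bin/sh
# Added example, not from the thread. Function names, the password "test"
# and the sample bundle are constructed for illustration (RSA keys assumed).

# Print one line per certificate in a PKCS#12 file, saying whether its RSA
# modulus equals that of the bundled private key.
# Returns 0 if a certificate matches, 1 if none does, 2 if unreadable.
p12_check() {
    p12=$1 pass=$2
    tmp=$(mktemp -d) || return 2   # private dir: the key is written unencrypted
    if ! openssl pkcs12 -in "$p12" -passin "pass:$pass" -nocerts -nodes \
            -out "$tmp/key.pem" 2>/dev/null ||
       ! openssl pkcs12 -in "$p12" -passin "pass:$pass" -nokeys \
            -out "$tmp/all.pem" 2>/dev/null; then
        rm -rf "$tmp"; return 2
    fi
    keymod=$(openssl rsa -noout -modulus -in "$tmp/key.pem" 2>/dev/null) || keymod=
    # pkcs12 writes every certificate to one file; split at each PEM header.
    awk -v d="$tmp" '/^-----BEGIN CERTIFICATE-----/ { n++ }
                     n { print > (d "/cert" n ".pem") }' "$tmp/all.pem"
    rc=1
    for c in "$tmp"/cert*.pem; do
        [ -f "$c" ] || continue
        subj=$(openssl x509 -noout -subject -in "$c")
        certmod=$(openssl x509 -noout -modulus -in "$c")
        if [ -n "$keymod" ] && [ "$certmod" = "$keymod" ]; then
            echo "MATCH     $subj"; rc=0
        else
            echo "no match  $subj"
        fi
    done
    rm -rf "$tmp"
    return $rc
}

# Build a constructed bundle with two certificates, as in the thread:
# a client certificate with its key, plus one unrelated certificate.
make_sample_p12() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=client" \
        -keyout "$d/client.key" -out "$d/client.crt" 2>/dev/null &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=other" \
        -keyout "$d/other.key" -out "$d/other.crt" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$d/client.key" -in "$d/client.crt" \
        -certfile "$d/other.crt" -passout pass:test -out "$d/sample.p12"
}

# Usage: sh p12check.sh file.p12 password
if [ "$#" -eq 2 ]; then p12_check "$1" "$2"; fi
```

The password is taken as a command-line argument for brevity, which exposes it in the local process list; `-passin file:` or `-passin env:` avoids that.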
