Re: [Openvpn-users] Error reading PKCS#12 file


  • Subject: Re: [Openvpn-users] Error reading PKCS#12 file
  • From: Jan Just Keijser <janjust@xxxxxxxxx>
  • Date: Tue, 05 Feb 2008 11:47:18 +0100

Is this the *entire* pkcs12 output? If so, then there's no private key 
in the p12 file and that would explain the error. If you did remove it 
for security reasons I completely agree and understand, but I just want 
to make sure...
A last thing that could be wrong with this p12 file is that the public 
cert and private key do not match. It is possible to verify this, but 
only if you also have the private key included (section '-----BEGIN RSA 
PRIVATE KEY-----').
Try
  openssl pkcs12 -in charite.p12 -out blah
  openssl x509 -noout -text -in blah
Look for the section 'Modulus:' in the output. Then compare this to
  openssl rsa -noout -text -in blah
and verify that the 'modulus' sections are identical. If so, then this 
public cert and private key belong together. Otherwise, your p12 is corrupt.

HTH,

JJK

Ralf Hildebrandt wrote:
> * Jan Just Keijser <janjust@xxxxxxxxx>:
>   
>> and
>>   openssl pkcs12 -info -in charite.p12
>> ?
>>     
>
> Enter Import Password:
> MAC Iteration 2048
> MAC verified OK
> PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
> Certificate bag
> Bag Attributes
>     localKeyID: AF A1 50 79 71 FE 9A 32 29 4E 5E 43 4B 13 93 82 DF B1 78 55
> subject=/C=DE/ST=Berlin/L=Berlin/O=Charite-VPN/CN=infoteam.vpn.charite.de/emailAddress=vpn-admin@xxxxxxxxxx
> issuer=/C=DE/ST=BERLIN/L=BERLIN/O=OpenVPN-Charite/CN=OpenVPN-Charite-CA/emailAddress=einwahl-admin@xxxxxxxxxx
> Certificate bag
> Bag Attributes: <No Attributes>
> subject=/C=DE/ST=BERLIN/L=BERLIN/O=OpenVPN-Charite/CN=OpenVPN-Charite-CA/emailAddress=einwahl-admin@xxxxxxxxxx
> issuer=/C=DE/ST=BERLIN/L=BERLIN/O=OpenVPN-Charite/CN=OpenVPN-Charite-CA/emailAddress=einwahl-admin@xxxxxxxxxx
> PKCS7 Data
> Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048
> Bag Attributes
>     localKeyID: AF A1 50 79 71 FE 9A 32 29 4E 5E 43 4B 13 93 82 DF B1 78 55
> Key Attributes: <No Attributes>
>
>   
>> BTW, are you using the same p12 file for multiple clients?
>>     
>
> No.
>
>   
>> or is it just this particular p12 file?
>>     
>
> It's just that user on XP SP2
>
>   

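The check described in the message above, as an added example that is not part of the original post: a POSIX shell function that reports whether a .p12 file opens, whether it contains an RSA private key, and whether that key's modulus equals the client certificate's. The function names, the P12_PASS variable and the throwaway sample files are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread). RSA keys only, as in the message.
# The import password is read from $P12_PASS so it never shows up in argv.

# p12_check FILE -> prints one of: unreadable | nokey | mismatch | match
p12_check() {
    p12=$1
    # MAC verification only; fails on a wrong password or a damaged file.
    openssl pkcs12 -in "$p12" -passin env:P12_PASS -noout 2>/dev/null ||
        { echo unreadable; return 0; }
    # Key modulus, piped so the decrypted key is never written to disk.
    key_mod=$(openssl pkcs12 -in "$p12" -passin env:P12_PASS -nocerts -nodes \
        2>/dev/null | openssl rsa -noout -modulus 2>/dev/null) || key_mod=""
    [ -n "$key_mod" ] || { echo nokey; return 0; }
    # -clcerts limits output to the client certificate, not the CA chain.
    cert_mod=$(openssl pkcs12 -in "$p12" -passin env:P12_PASS -nokeys -clcerts \
        2>/dev/null | openssl x509 -noout -modulus 2>/dev/null) || cert_mod=""
    if [ -n "$cert_mod" ] && [ "$cert_mod" = "$key_mod" ]; then
        echo match
    else
        echo mismatch
    fi
}

# Constructed sample input: throwaway key, self-signed cert, two .p12 files.
make_samples() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed" \
        -keyout "$d/key.pem" -out "$d/cert.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$d/key.pem" -in "$d/cert.pem" \
        -passout env:P12_PASS -out "$d/ok.p12" &&
    openssl pkcs12 -export -nokeys -in "$d/cert.pem" \
        -passout env:P12_PASS -out "$d/nokey.p12"
}

export P12_PASS=constructed-password
dir=$(mktemp -d) && make_samples "$dir"
echo "ok.p12:    $(p12_check "$dir/ok.p12")"
echo "nokey.p12: $(p12_check "$dir/nokey.p12")"
rm -rf "$dir"
```

A result of nokey corresponds to the first cause named in the message (no private key in the file), and mismatch to the second.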