[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] Error reading PKCS#12 file


  • Subject: Re: [Openvpn-users] Error reading PKCS#12 file
  • From: Ralf Hildebrandt <Ralf.Hildebrandt@xxxxxxxxxx>
  • Date: Tue, 5 Feb 2008 12:50:24 +0100

* Jan Just Keijser <janjust@xxxxxxxxx>:
> is this the *entire* pkcs12 output? if so, then there's no private key in 
> the p12 file and that would explain the error. If you did remove it for 
> security reasons I completely agree and understand, but I must want to 
> make sure...

It is in there :)

> A last thing that could be wrong with this p12 file is that the public  
> cert and private key do not match. It is possible to verify this, but  
> only if you also have the private key included (section '-----BEGIN RSA  
> PRIVATE KEY-----').
> Try
>  openssl pkcs12 -in charite.p12 -out blah
>  openssl x509 -noout -text -in blah
> look for the section 'Modulus:' in the output. then compare this to

                Modulus (1024 bit):
00:fc:ee:22:81:fd:81:5f:44:4c:25:c5:63:0b:3e:
fa:72:7f:f8:d9:da:33:c2:d9:dc:6e:99:c2:83:15:
c3:f6:d4:f4:22:84:9f:9d:14:e7:e6:a8:41:2e:bd:
2b:e0:cf:47:43:0b:a0:33:50:b8:54:68:09:3a:c1:
73:57:35:bf:27:ab:4d:42:05:3a:a9:b8:4d:5b:ce:
73:03:5b:b9:83:df:53:0a:aa:b0:fa:74:c6:47:ce:
08:42:2b:1b:68:eb:72:fd:66:03:83:36:66:e7:b8:
22:cf:8d:de:7b:fa:4a:41:90:72:6f:fa:cc:a8:10:
c7:6a:9c:d8:f9:00:c5:27:49
          Exponent: 65537 (0x10001)

>  openssl rsa -noout -text -in blah

modulus:
00:fc:ee:22:81:fd:81:5f:44:4c:25:c5:63:0b:3e:
fa:72:7f:f8:d9:da:33:c2:d9:dc:6e:99:c2:83:15:
c3:f6:d4:f4:22:84:9f:9d:14:e7:e6:a8:41:2e:bd:
2b:e0:cf:47:43:0b:a0:33:50:b8:54:68:09:3a:c1:
73:57:35:bf:27:ab:4d:42:05:3a:a9:b8:4d:5b:ce:
73:03:5b:b9:83:df:53:0a:aa:b0:fa:74:c6:47:ce:
08:42:2b:1b:68:eb:72:fd:66:03:83:36:66:e7:b8:
22:cf:8d:de:7b:fa:4a:41:90:72:6f:fa:cc:a8:10:
c7:6a:9c:d8:f9:00:c5:27:49
publicExponent: 65537 (0x10001)
				    
> and verify that the 'modulus' sections are identical. If so, then this  
> public cert and private key belong together. Otherwise, your p12 is 
> corrupt.

So, am I seeing a Windows-Bug?
______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users