
jww's answer to the question "How do you sign a Certificate Signing Request with your Certification Authority?" was very useful to me, and I created my own CA key and cert and used it to sign a server cert.

I have a Linux server that I want to reach from an MS Edge browser. I found that the Microsoft Management Console application would not accept the .pem format certs, so I converted them into .p12 (PKCS12) format and combined them in a single file, also using material that I found on the Stack Overflow site. (file attached)

My question is: does OpenSSL create PKCS12 certs natively, or is the conversion stage necessary?

Jac
  • PKCS12 is used to store or move the certificate or chain PLUS PRIVATEKEY, and a client like a browser SHOULD NEVER have the server privatekey, only the _CA cert_ that anchors the server cert. For MS this should be in TrustedRoots or sometimes IntermediateCAs, and MS cert import accepts either PEM or DER for a CA cert; OpenSSL commandline uses only PEM for lone certs. Yes OpenSSL commandline only creates newly-issued certs in PEM format; since a non-DIY CA should never have the subject's privatekey it can't create a PKCS12. – dave_thompson_085 Oct 22 '18 at 12:29
  • Thanks @dave_thompson_85. Good job my trial CA cert and key had lifetime one day. – Jac Oct 23 '18 at 13:47
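
The split described in the comment above, as an added example that is not part of the original thread: a throwaway CA signs a server CSR (PEM output), the client gets only the CA certificate, and the PKCS12 bundle with the private key is built separately for the server. The CA name, host name, password, file names and the `make_demo_pki`/`key_status` helpers are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example. All names, passwords and paths are constructed for the demo.
set -eu

# Build a throwaway one-day CA, a server key/CSR and the signed server cert in $1.
make_demo_pki() {
  local d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Test CA" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=server.example.test" \
    -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null
  printf 'subjectAltName=DNS:server.example.test\n' > "$d/ext.cnf"
  # Signing a CSR yields a PEM certificate; no PKCS12 is produced at this step.
  openssl x509 -req -in "$d/server.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -extfile "$d/ext.cnf" -out "$d/server.pem" 2>/dev/null
  # Client side: the CA certificate alone. DER is shown here; per the comment
  # above, the Windows import accepts the PEM form of a CA cert as well.
  openssl x509 -in "$d/ca.pem" -outform DER -out "$d/ca.cer"
  # Server side only: PKCS12 bundles the cert chain PLUS the server private key.
  openssl pkcs12 -export -inkey "$d/server.key" -in "$d/server.pem" \
    -certfile "$d/ca.pem" -passout pass:demo-only -out "$d/server.p12"
}

# Print whether file $1 carries a private key (PEM text, or PKCS12 with password $2).
key_status() {
  if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1" ||
     openssl pkcs12 -in "$1" -nocerts -nodes -passin "pass:${2:-}" 2>/dev/null |
       grep -q 'PRIVATE KEY'; then
    echo has-private-key
  else
    echo no-private-key
  fi
}

demo() {
  local d; d=$(mktemp -d)
  make_demo_pki "$d"
  echo "ca.cer (goes to the browser host): $(key_status "$d/ca.cer")"
  echo "server.pem:                        $(key_status "$d/server.pem")"
  echo "server.p12 (stays on the server):  $(key_status "$d/server.p12" demo-only)"
  rm -rf "$d"
}
demo
```

Running `key_status` on any file before copying it to a client machine is a quick check that no private key is leaving the server.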

0 Answers