Another thing that should be easy but took way too damn long to figure out. Some of the newer crypto libraries only take pkcs12 keys - which is huge overkill for almost everything. To convert the mundane PEM format to pkcs12 is a huge pain - you need to have a signing authority to sign the key. To follow the flow, you can just self-sign the key with the PEM itself. For instance:
# create a cert from our original ECDSA pem file - dont use a password unless you really need
openssl req -new -x509 -key pem.txt -out damncert.pem -days 730
# can check it just for grins, i'm paranoid
openssl x509 -in damncert.pem -text -noout
# convert the key to pkcs12 and sign with the same key to shut up the convert
openssl pkcs12 -export -out pkcs12_outfile -inkey pem.txt -in damncert.pem
PKCS12 isn't Microsoft's PFX - so this probably won't work with Microsoft's stuff.
 |
| SEO rules say I'll get more Google hits with media. So here's a picture of my cat on a ladder. :-) |
No comments:
Post a Comment