On Tue, Nov 28, 2006, Julius Davies wrote:

> 2. Max Weijun Wang recommends using "KeyStore.getInstance("pkcs12")"
> to load it. That's a great idea, but you probably need to get openssl
> to output the file in "DER" format first:
> openssl pkcs12 -in pkcs12.pem -out pkcs12.der -outform DER
> Java can read PKCS #12 files, but only in DER form. Not in OpenSSL's
> PEM form. The "PKCS #12" file created by OpenSSL in PEM format is
> actually just a series of X509 certificates and an encrypted private
> key (usually using the "Traditional SSLeay Format"). If you have time
> you can manually split out all those different PEM items (using cut &
> paste) into separate files. You can then get "openssl" to decrypt the
> RSA key into unencrypted PKCS #8 DER format (see below).

OpenSSL doesn't use PEM format for PKCS#12 files: they are always in DER

What you refer to above is a PEM file containing various keys and certificates
concatentated. That is *not* PKCS#12 form.

Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org