OpenSSL on Windows 2008 R2
Posted on 2015-01-26
I am having a problem with the PKCS12 format.
So here is some background on what I am doing. I am working on a Windows 2008R2 server and attempting to set up a self-signed certificate for clients to use when authenticating to an application via a remote client. The application vendor has provided me with some instructions on how to do this. So far most of the instructions worked, but not particularly well.
I have created the directory/subdirectory structures, the index file and serial file.
echo 2 > certs\index.txt
echo 21 > certs\serial
Modified the openssl.cfg file appropriately. Then generated the cakey.pem and the cacert.pem.
openssl.exe req -new -x509 -days 365 -keyout certs\private\cakey.pem -out certs\cacert.pem
From there I have created the server_csr.pem and server_key.pem.
openssl.exe req -days 365 -out server_csr.pem -new -newkey rsa:2048 -keyout server_key.pem
After that I have used the server_csr.pem to create the server_cert.pem:
openssl.exe ca -in server_csr.pem -out server_cert.pem
OK, at this point I run this:
openssl.exe pkcs12 -export -in server_cert.pem -inkey server_key.pem > server.p12
This creates the server.p12 file. At this point I am supposed to create the certificate and key in the proper format with these commands:
openssl.exe pkcs12 -in server.p12 -out server-cert.pem -nokeys
openssl.exe pkcs12 -in server.p12 -out server-key.pem -nocerts -nodes
These final two commands are what I cannot get working. They give me the following errors:
:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:.\crypto\asn1\tasn_dec.c:1319:
:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:.\crypto\asn1\tasn_dec.c:381:Type=PKCS12
Any help that you can render me would be appreciated. Also, unfortunately I cannot upload anything, though I can and will answer questions to the best of my ability.
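The "wrong tag ... Type=PKCS12" error quoted above is raised when the bytes OpenSSL reads do not start with the ASN.1 structure it expects for a PKCS#12 file. As an added example (not part of the original post or the vendor's instructions), this Python check classifies the leading bytes of a file such as server.p12; the function names and the script name check_p12.py are hypothetical, and it does not say which case applies to the poster's file.

```python
"""Classify the leading bytes of a file that should be DER-encoded PKCS#12 (PFX)."""
import sys

SEQUENCE = 0x30                 # ASN.1 universal, constructed SEQUENCE
PFX_VERSION = b"\x02\x01\x03"   # INTEGER 3, the PFX version field (RFC 7292)


def read_der_length(data, pos):
    """Return (length, next_pos) for the DER length octets starting at pos."""
    if pos >= len(data):
        raise ValueError("truncated before length")
    first = data[pos]
    if first < 0x80:                      # short form: one octet holds the length
        return first, pos + 1
    count = first & 0x7F                  # long form: number of length octets
    if count == 0 or pos + 1 + count > len(data):
        raise ValueError("bad or truncated long-form length")
    return int.from_bytes(data[pos + 1:pos + 1 + count], "big"), pos + 1 + count


def classify_p12(data):
    """Return a short verdict describing what the bytes look like."""
    if not data:
        return "empty file"
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return "UTF-16 text (byte-order mark): output was re-encoded as text"
    if data[:3] == b"\xef\xbb\xbf":
        return "UTF-8 text (byte-order mark), not DER"
    if data.lstrip()[:5] == b"-----":
        return "PEM text, not binary PKCS#12"
    if data[0] != SEQUENCE:
        return "wrong tag 0x%02x: expected SEQUENCE (0x30)" % data[0]
    try:
        length, body = read_der_length(data, 1)
    except ValueError as exc:
        return "SEQUENCE with invalid length: %s" % exc
    if body + length != len(data):
        return "length mismatch: header says %d bytes, file has %d" % (
            body + length, len(data))
    if data[body:body + 3] != PFX_VERSION:
        return "DER SEQUENCE, but no PFX version 3 field"
    return "looks like PKCS#12"


if __name__ == "__main__":
    # Assumed usage: python check_p12.py server.p12
    with open(sys.argv[1], "rb") as fh:
        print(classify_p12(fh.read()))
```

Any verdict other than "looks like PKCS#12" means the file was altered or never written as binary DER, so the export step is the place to look, for example by writing the file with the pkcs12 command's -out option instead of shell redirection.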