Forums

Resolved
0 votes
Help me please! I want to create user certificate. But when i try to install it on home pc i get a message: This file can not be used as: Personal Information Exchange File.
What can i do to understand whats wrong?
Wednesday, June 13 2018, 06:41 PM
Share this post:
Responses (4)
  • Accepted Answer

    Thursday, June 14 2018, 07:20 PM - #Permalink
    Resolved
    1 votes
    I've don't know what is going wrong for you or why the basic PKCS12 you get from the webconfig does not work if the manual command does. The last one is using a temporary password file which is probably written from the webconfig. It would be trivial to script from the underlying certificates if they already exist and you want to give each one the same or no password.
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, June 14 2018, 07:04 PM - #Permalink
    Resolved
    0 votes
    If i make certificate by user interface and than dowload by pscp from server it works fine. I think problem is not in openssl or keys for that command. But i dont understand why certificate dont work if i download it from https://server:81/app/user_certificates. Have you any ideas?
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, June 14 2018, 06:49 PM - #Permalink
    Resolved
    0 votes
    This works fine. But i have to make a lot of certificates. I want to save time and do that with user interface. How can i do that?
    openssl.exe pkcs12 -export -in denali.crt -inkey denali.key -out denali.combined.pfx - works fine.
    In /usr/clearos/app/certificate_manager/libraries/SSL.php i find the same command
    pkcs12 -export -in /etc/pki/CA/client-ivan-cert.pem -inkey /etc/pki/CA/private/client-ivan-key.pem -certfile /etc/pki/CA/ca-cert.pem -name "client-ivan.p12" -passout file:/var/tmp/opensslbffNSy -out /etc/pki/CA/client-ivan.p12
    I think to change the last string, but before i want to undestand the differense betwen them. Why the fist string works and the last not? What key in the last string is wrong?

    Thank you in advance.
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, June 14 2018, 10:10 AM - #Permalink
    Resolved
    1 votes
    Which certificate have you tried downloading? Is it the PKCS12 certificate? Alternatively you can probably create the file following this link. The underlying certificates are in /etc/pki/CA and the keys in /etc/pki/CA/private.
    The reply is currently minimized Show
Your Reply