Pass the password to the openssl command that generates the keystore - ssh

I have the following command that transforms the certificate and private key from PEM to pkcs12 format and stores them in a keystore
openssl pkcs12 -export -chain -in mycert.pem -inkey mykey.pem -out keystore.p12 -name namename -CAfile mycert.pem
This command is sent via SSH and the terminal responds by requesting a password for the store, which I cannot respond to from my remote tool
I tried this but it did not work
openssl pkcs12 -export -chain -in mycert.pem -inkey mykey.pem -out keystore23.p12 -name namename -CAfile mycert.pem -storepass somepass
Any of the following solutions would suffice:
1- Send the password directly by passing an argument to the openssl tool
2- Send the password to the terminal

If you're using Linux you can use pipelines.
A Unix pipe connects the STDOUT (standard output) file descriptor of the first process to the STDIN (standard input) of the second.
So the command will be:
echo <password> | openssl pkcs12 -export -chain -in mycert.pem -inkey mykey.pem -out keystore.p12 -name namename -CAfile mycert.pem
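An added example, not part of the original posts: openssl pkcs12 takes the export password through -passout, which accepts pass:, env:, file:, fd: and stdin sources. The sketch below uses file: and stdin so the pass phrase stays out of the process list; the throwaway certificate, the file names and the pass phrase are constructed for the demo, and -chain/-CAfile are left out to keep the focus on the password.

```shell
#!/bin/sh
# Added example: build the PKCS#12 keystore with no password prompt.
# File names and pass phrases are constructed for this demo.

# make_demo_pair DIR: throwaway self-signed certificate and unencrypted key.
make_demo_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=keystore-demo.invalid" \
        -keyout "$1/mykey.pem" -out "$1/mycert.pem" 2>/dev/null
}

# write_passfile FILE PASS: owner-only file; printf is a shell builtin,
# so the pass phrase never appears in another process's argument list.
write_passfile() {
    ( umask 077; printf '%s\n' "$2" > "$1" )
}

# export_p12_file DIR PASSFILE: -passout file: reads the first line of PASSFILE.
# Unlike -passout pass:<password>, nothing secret shows up in ps output.
export_p12_file() {
    openssl pkcs12 -export -in "$1/mycert.pem" -inkey "$1/mykey.pem" \
        -out "$1/keystore.p12" -name namename -passout "file:$2"
}

# export_p12_stdin DIR PASS: the pipe approach, with -passout stdin making
# openssl read the pass phrase from standard input instead of the terminal.
export_p12_stdin() {
    printf '%s\n' "$2" | openssl pkcs12 -export -in "$1/mycert.pem" \
        -inkey "$1/mykey.pem" -out "$1/keystore-stdin.p12" \
        -name namename -passout stdin
}

# check_p12 P12 PASSFILE: succeeds only if the MAC verifies with that pass phrase.
check_p12() {
    openssl pkcs12 -in "$1" -passin "file:$2" -noout 2>/dev/null
}

# Demo run in a scratch directory that is removed afterwards.
demo_dir=$(mktemp -d)
make_demo_pair "$demo_dir"
write_passfile "$demo_dir/pass.txt" 'constructed-demo-pass'
export_p12_file "$demo_dir" "$demo_dir/pass.txt"
export_p12_stdin "$demo_dir" 'constructed-demo-pass'
check_p12 "$demo_dir/keystore.p12" "$demo_dir/pass.txt" && echo "file: keystore opens"
check_p12 "$demo_dir/keystore-stdin.p12" "$demo_dir/pass.txt" && echo "stdin: keystore opens"
rm -rf "$demo_dir"
```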

Related

Node-RED communication using CA certificate

I am trying to deploy my Node-RED environment using a CA certificate.
I have created the pem files from the .p12 file by executing the commands below
openssl pkcs12 -in test.p12 -passin pass:Password -out keyfile.pem -nodes
openssl pkcs12 -in test.p12 -passin pass:Password -out crtfile.pem -nodes
Then I uncommented the https code in the settings.js file of Node-RED
https: {
    key: require("fs").readFileSync('keyfile.pem'),
    cert: require("fs").readFileSync('crtfile.pem')
}
I have used the default http node and made the following configuration to the TLS config
When I deploy the node I get the following error
"Error: unable to verify the first certificate"
What am I missing here?
Remove the changes you made to the settings.js. That section is only for if you want to have Node-RED serve the editor via TLS.
Next, your openssl commands to export the user's private key and certificate should probably be more like
openssl pkcs12 -in test.p12 -out keyfile.pem -passin pass:Password -nocerts
openssl pkcs12 -in test.p12 -out crtfile.crt -passin pass:Password -nokeys -clcert
You should also export the included CA chain with
openssl pkcs12 -in test.p12 -out ca.crt -passin pass:Password -cacerts -nokeys
You then need to add the ca.crt file to the HTTP node's TLS config.

Grails 3.3.5 with SSL certificate

I have _client-cert.pem and client-key.pem and ca.pem files which I am trying to add to my grails project.
I used the following commands:
Convert client keys/certificate files to PKCS#12 before creating a keystore
openssl pkcs12 -export -in client-cert.pem -inkey client-key.pem \
    -name "mysqlclient" -passout pass:mypassword -out client-keystore.p12
Create a Java Keystore using the client-keystore.p12 file
keytool -importkeystore -srckeystore client-keystore.p12 -srcstoretype pkcs12 \
    -srcstorepass mypassword -destkeystore keystore -deststoretype JKS -deststorepass mypassword
Then modified my application.yml file with that path:
enabled: true
key-store: /..../proxreg
key-store-password: kjsfghsfjlhgl
keyStoreType: pkcs12
keyAlias: tomcat
I was wondering if I am missing any step or what I am doing wrong. I am getting an access denied error, but when I try to connect through MySQL Workbench it works
You can generate a self-signed certificate using the openssl command-line utility.
We can use openssl's req command to create a self-signed certificate:
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365
The above will prompt you to supply metadata about the certificate, such as Country, Organization, etc. Moreover, it will ask you to provide a PEM pass phrase. Enter a random password and keep it safe; we will need it in the next step.
Now you have your self-signed certificate. Unfortunately Grails (and Spring Boot) doesn't support the PEM format directly. Instead, we need to use the PKCS12 format for our keys. Fortunately, there is another openssl command to make the conversion:
openssl pkcs12 -export -in cert.pem -inkey key.pem -out keystore.p12 -name tomcat -caname root
Update grails-app/conf/application.yml with the following lines:
server:
    port: 8443
    ssl:
        keyStore: /certificates/keystore.p12
        keyStorePassword: secret
        # keyAlias: tomcat
All of the above worked fine for me. For more information please refer to this and this
Hope this will help you.

Unable to verify smime signature

I've signed a file like this, using LibreSSL 2.8.3 on macOS:
openssl smime -binary -sign -certfile WWDR.pem -signer passcertificate.pem \
-inkey passkey.pem -in manifest.json -out signature \
-outform DER -passin pass:12345
and now I want to just immediately verify that same file. I am trying the following command
openssl smime -binary -verify -certfile WWDR.pem -signer passcertificate.pem \
-inkey passkey.pem -in manifest.json -content signature \
-inform DER -passin pass:12345
but that fails with the below error. What's the proper syntax to verify the signature?
Error reading S/MIME message
4550921836:error:0DFFF0A8:asn1 encoding routines:CRYPTO_internal:wrong tag:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-47.11.1/libressl-2.8/crypto/asn1/tasn_dec.c:1144:
4550921836:error:0DFFF03A:asn1 encoding routines:CRYPTO_internal:nested asn1 error:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-47.11.1/libressl-2.8/crypto/asn1/tasn_dec.c:317:Type=PKCS7
I'm basically doing this because I want to try and implement the signing in swift. I know the above sign command works properly, and so if I can figure out how to verify a file then I can properly test whether or not my Swift implementation works.
The WWDR.pem file comes from http://www.apple.com/certificateauthority, and is the Worldwide Developer Relations certificate.
To get the passcertificate.pem and passkey.pem files I went to the Apple Developer portal and generated the pass certificate, imported it into the mac Keychain Access, exported it to Certificates.p12, then ran these two commands:
openssl pkcs12 -in Certificates.p12 -clcerts -nokeys \
-out passcertificate.pem -passin pass:
openssl pkcs12 -in Certificates.p12 -nocerts -out passkey.pem \
-passin pass: -passout pass:12345

Data verification with openssl smime fails

I am using openssl smime to sign and verify data.
To sign a text file using openssl I use the following command:
openssl smime -sign -in sample.txt -out mail.msg -signer cert.pem -inkey key.pem
Then I proceed to verification:
openssl smime -verify -in mail.msg -CAfile allCA.pem
The verification succeeds.
My problem is that I have an external tool that performs the verification using the following command:
openssl smime -verify -in mail.msg -inform DER -CAfile allCA.pem
How do I sign my txt file so it can be verified with the previous command?
What I've tried so far:
openssl smime -sign -in sample.txt -out mail.msg -outform DER -signer cert.pem -inkey key.pem
But I get an error when trying to verify my mail:
Verification failure
140204331579208:error:2107507A:PKCS7 routines:PKCS7_verify:no content:pk7_smime.c:291:
The way you call the sign operation creates a detached signature, so you would need to pass -content sample.txt to the verify command. However, it is possible to create a structure that encapsulates the message together with the signature (-nodetach parameter).
This is the sign command you are looking for:
openssl smime -sign -in data.dat -out mail.msg -signer cert.pem -inkey key.pem -outform DER -nodetach
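An added example, not part of the original posts, covering both S/MIME questions above: it signs the same file as a detached and as an encapsulated (-nodetach) DER structure and shows which verify invocations succeed. In every case -in is the signature and -content is the signed file. The self-signed signer, the file names and the helper functions are constructed for the demo.

```shell
#!/bin/sh
# Added example: detached vs. encapsulated DER signatures with openssl smime.
# The signer certificate, key and sample.txt are constructed for this demo.

# setup_signer DIR: throwaway self-signed signer plus a small input file.
setup_signer() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=smime-demo.invalid" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
    printf 'constructed sample content\n' > "$1/sample.txt"
}

# sign_der DIR OUT [options]: DER output, detached unless -nodetach is passed.
sign_der() {
    dir=$1; out=$2; shift 2
    openssl smime -sign -binary -in "$dir/sample.txt" -out "$out" \
        -outform DER -signer "$dir/cert.pem" -inkey "$dir/key.pem" "$@"
}

# verify_der DIR SIG [options]: -in is always the signature structure;
# a detached signature additionally needs -content <signed file>.
verify_der() {
    dir=$1; sig=$2; shift 2
    openssl smime -verify -binary -in "$sig" -inform DER \
        -CAfile "$dir/cert.pem" -out /dev/null "$@" 2>/dev/null
}

# report LABEL CMD...: print whether the verification succeeded.
report() {
    label=$1; shift
    if "$@"; then echo "$label: ok"; else echo "$label: FAILED"; fi
}

# Demo run in a scratch directory that is removed afterwards.
d=$(mktemp -d)
setup_signer "$d"
sign_der "$d" "$d/detached.der"
sign_der "$d" "$d/full.der" -nodetach
report "detached, no -content" verify_der "$d" "$d/detached.der"
report "detached, with -content" verify_der "$d" "$d/detached.der" -content "$d/sample.txt"
report "-nodetach" verify_der "$d" "$d/full.der"
rm -rf "$d"
```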

How do I convert a PEM cert to a PKCS12 with GnuTLS

I want to use GnuTLS certtool to convert a PEM public and private key to a PKCS12 pfx bundle. I don't have openssl available to me on the target system. The equivalent command with openssl is:
openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt
$ certtool --load-certificate certificate.pem --load-privkey certificate.pem --to-p12 --outder --outfile certificate.pfx