[Cialug] Open SSL and cert help

Dave Weis djweis at sjdjweis.com
Wed Dec 26 22:31:26 UTC 2018 

I think I'd have the same problem either way. In any case, I was able to
figure it out:

 openssl pkcs12 -in foo.pfx -nocerts -out key.pem

 openssl pkcs12 -in foo.pfx -clcerts -nokeys -out public.pem

 openssl rsa -in key.pem -out privatekey.pem

The last command removes the key from the cert so it can be used on the
command line without lots of retyping.

dave






On Wed, Dec 26, 2018 at 4:04 PM Scott Yates <Scott at yatesframe.com> wrote:

> Ahh, sorry, i have not done that yet.  I wonder if curl would do that
> better perhaps?
>
> On Wed, Dec 26, 2018 at 3:51 PM Dave Weis <djweis at sjdjweis.com> wrote:
>
> > I need to present a private certificate to them that they generated and
> > accept their CA certificate. Neither of those are correctly occurring
> with
> > the wget command.
> >
> >
> >
> >
> > On Wed, Dec 26, 2018 at 3:18 PM Scott Yates <Scott at yatesframe.com>
> wrote:
> >
> > > I thought all you needed was the --no-check-certificate and could skip
> > the
> > > other options (except -v of course if you want it)
> > >
> > >
> > > On Wed, Dec 26, 2018 at 1:38 PM Dave Weis <djweis at sjdjweis.com> wrote:
> > >
> > > > Hello!
> > > >
> > > > I need to access a site with wget to download files. I have the CA
> and
> > > > private cert added to Chrome and it works fine. I don't remember how
> I
> > > did
> > > > this in the past but have the pfx file that I exported.
> > > >
> > > > [djweis at grand RLD]$ wget -v --no-check-certificate
> > > > --certificate=cacert.crt
> > > > --private-key=privatekey.pem --private-key-type=pem
> > > > https://rld.foo.com/rld/wtrliadt.txt
> > > > --2018-12-26 13:35:58--  https://rld.foo.com/rld/wtrliadt.txt
> > > > OpenSSL: error:0B080074:x509 certificate
> > > > routines:X509_check_private_key:key values mismatch
> > > > Disabling SSL due to encountered errors.
> > > >
> > > > It's been a long time since I used the openssl command line. Any
> > > > suggestions?
> > > >
> > > > thanks
> > > > dave
> > > > _______________________________________________
> > > > Cialug mailing list
> > > > Cialug at cialug.org
> > > > https://www.cialug.org/cgi-bin/mailman/listinfo/cialug
> > > >
> > > _______________________________________________
> > > Cialug mailing list
> > > Cialug at cialug.org
> > > https://www.cialug.org/cgi-bin/mailman/listinfo/cialug
> > >
> > _______________________________________________
> > Cialug mailing list
> > Cialug at cialug.org
> > https://www.cialug.org/cgi-bin/mailman/listinfo/cialug
> >
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> https://www.cialug.org/cgi-bin/mailman/listinfo/cialug
>

More information about the Cialug mailing list