[strongSwan] Problem exporting pkcs12-File

Andreas Steffen andreas.steffen at strongswan.org
Fri Jan 6 13:57:17 CET 2012

Hello Stefan,

the openssl pkcs12 comman expects the private key and all
certificates to be in the base64-encoded PEM format. There
is no -inform option which would support DER-encoded files.

If you are using the ipsec pki commands then you must explicitly
output the keys/certificates in PEM format.



On 06.01.2012 13:52, Stefan Malte Schumacher wrote:
> Dear members of the strongSwan-Community
> I am trying to create an encrypted connection between my home server
> "Mars" and my laptop "Deimos". I have created a CA as well as keys and
> certificates for each of my peers according to the instruction at
> http://wiki.strongswan.org/projects/strongswan/wiki/SimpleCA. Now I
> want to create the necessary pk12-file which I can import in Windows 7
> on "Deimos".  According to my information the necessary command should
> be as follows: "openssl pkcs12 -export -inkey deimosKey.der -in
> deimosCert.der -name "Deimos" -certfile caCert.der -caname "Stefan
> Malte Schumacher CA" -out deimos.p12". Unfortunately I only get an
> error message "unable to load private key" despite the fact that the
> deimosKey.der is containted in the current working directory. What am
> I doing wrong?
> Sincerely
> Stefan Malte Schumacher

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4489 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20120106/96fba329/attachment.bin>

More information about the Users mailing list