"-passin pass:" works:<br />
<br />
```<br />
$ openssl pkcs12 \<br />
-export \<br />
-inkey ${f_host_key} \<br />
-passin pass:$(cat ${f_host_passphrase}) \<br />
-in ${f_host_cert} \<br />
-name "${l_ds_cert_name}" \<br />
-password file:${f_host_passphrase} \<br />
-out ${f_host_p12}<br />
<br />
...<br />
<br />
$ pk12util -i ${f_host_p12} \<br />
-w ${f_host_passphrase} \<br />
-d ${l_sql_prefix}${d_nssdb} \<br />
-k ${f_host_passphrase}<br />
<br />
pk12util: PKCS12 IMPORT SUCCESSFUL<br />
```<br />
<br />
"-passin file:" fails:<br />
<br />
```<br />
$ openssl pkcs12 \<br />
-export \<br />
-inkey ${f_host_key} \<br />
-passin file:${f_host_passphrase} \<br />
-in ${f_host_cert} \<br />
-name "${l_ds_cert_name}" \<br />
-password file:${f_host_passphrase} \<br />
-out ${f_host_p12}<br />
<br />
...<br />
<br />
$ pk12util -i ${f_host_p12} \<br />
-w ${f_host_passphrase} \<br />
-d ${l_sql_prefix}${d_nssdb} \<br />
-k ${f_host_passphrase}<br />
<br />
pk12util: PKCS12 decode not verified: SEC_ERROR_BAD_PASSWORD: The security password entered is incorrect.<br />
```<br />
<br />
The OpenSSL command succeeds both ways. However, and weirdly, I can't put the resulting pkcs12 certificate in an NSS Database. The surprising part is that the -passin switch is affecting this. The -passout switch is fine!<br />
<br />
I'm listing this as "minor" because the workaround is trivial.
↧