How to create a PKCS#12 which IKEYMAN will accept

This applies if you did not use IKEYMAN to create the private key and the certificate request.
Although IKEYMAN allows importing from other key stores (another key.db, a Java keystore or a PKCS#12 file), it is not as easy as it may seem.

If you had your private key and certificate request in another key.db, you would have no need to import anything, as you could simply use that key.db file.

The Java keystore is another matter and has even more problems than IKEYMAN. The keytool program does not allow the import of private keys.

For a simple import this may seem like a lot of effort, and OpenSSL can create a PKCS#12 file, so the obvious choice would be to just do that. Once the PKCS#12 is created, IKEYMAN will happily read the file, request the container password and then fail…

The reason is that IKEYMAN does accept a PKCS#12 container, but it restricts which encryption algorithms may be used for the private key and certificate.

The working command for creating a successful PKCS#12 that IKEYMAN will accept is:

     $ openssl pkcs12 -export -name "MyLabel" -inkey my-key.key -in my-cert.crt -out cert-and-key.p12 -keypbe PBE-SHA1-RC2-40
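To check which algorithm a container really uses before handing it to IKEYMAN, the following added example (not part of the original post) summarises the text printed by `openssl pkcs12 -info -noout`. The function names and both sample outputs are constructed for illustration and assume OpenSSL's usual `-info` line format.

```shell
#!/bin/sh
# Added example. Reads the text of `openssl pkcs12 -info -noout` on stdin and
# prints the PBE algorithm of the private-key bag and of the encrypted
# (certificate) data as "key=<alg>" and "cert=<alg>".
p12_pbe_summary() {
    awk '
        /^Shrouded Keybag: /      { sub(/^Shrouded Keybag: /, "");      key = $0 }
        /^PKCS7 Encrypted data: / { sub(/^PKCS7 Encrypted data: /, ""); cert = $0 }
        END {
            # Drop the trailing ", Iteration N ..." details, keep the algorithm.
            sub(/, Iteration.*/, "", key)
            sub(/, Iteration.*/, "", cert)
            print "key="  (key  == "" ? "none" : key)
            print "cert=" (cert == "" ? "none" : cert)
        }'
}

# Succeeds only if the key bag uses the algorithm named in $1.
p12_key_pbe_is() {
    [ "$(p12_pbe_summary | sed -n 's/^key=//p')" = "$1" ]
}

# Constructed sample: shape of the output for a file made with
# -keypbe PBE-SHA1-RC2-40 (long name pbeWithSHA1And40BitRC2-CBC).
SAMPLE_RC2='MAC: sha1, Iteration 2048
MAC length: 20, salt length: 8
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Certificate bag
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And40BitRC2-CBC, Iteration 2048'

# Constructed sample: a container whose key bag uses a different scheme.
SAMPLE_PBES2='MAC: sha256, Iteration 2048
MAC length: 32, salt length: 8
PKCS7 Encrypted data: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256
Certificate bag
PKCS7 Data
Shrouded Keybag: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256'

printf '%s\n' "$SAMPLE_RC2"   | p12_pbe_summary
printf '%s\n' "$SAMPLE_PBES2" | p12_key_pbe_is pbeWithSHA1And40BitRC2-CBC \
    || echo "key bag is not RC2-40: re-export with -keypbe PBE-SHA1-RC2-40"
```

Against a real file, run `openssl pkcs12 -info -noout -in cert-and-key.p12 2>&1 | p12_pbe_summary` and enter the container password when asked. On OpenSSL 3.x, RC2 lives in the legacy provider, so both the export command and this inspection need the additional `-legacy` option.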
