[kleopatra] [Bug 333310] Can't import PFX certificates (Firefox and Chrome does)

[Rafael]

https://bugs.kde.org/show_bug.cgi?id=333310

--- Comment #5 from Rafael <rmrcbm at gmail.com> ---
This is for Firefox Winxxx, but it is the same for Linux (in my case,
OpenSUSE). You can put extension .pfx or .p12, is equivalent.
http://blog.ksoftware.net/2011/07/exporting-your-code-signing-certificate-to-a-pfx-file-from-firefox/

Interesting if you want to know more about:

PFX files are PKCS#12 Personal Information Exchange Syntax Standard files. They
can include arbitrary number of private keys with accompanying X.509
certificates (public keys) and a Certificate Authority Chain (IIS accepts only
.pfx files)

On the other hand, a ".cert" (or ".cer" or ".crt") file usually contains a
single certificate, alone and without any wrapping (no private key, no password
protection, just the certificate).

CER files: CER file is used to store X.509 certificate. Normally used for SSL
certification to verify and identify web servers security. The file contains
information about certificate owner and public and private certificate keys. A
CER file can be in binary (ASN.1 DER) or encoded with Base-64 with header and
footer included (PEM).

PFX files Personal Exchange Format, is a PKCS12 file. This contains a variety
of cryptographic information, such as certificates, root authority
certificates, certificate chains and private keys. It’s cryptographically
protected with passwords to keep private keys private and preserve the
integrity of the root certificates. 

A workaround to this Kleopatra issue is to extract from PFX only the private
key:
openssl pkcs12 -in container_pass_protected.pfx -out cert_wo_pass.crt -nokeys
-clcerts

-- 
You are receiving this mail because:
You are the assignee for the bug.