[Help-gnutls] Exporting a PKCS#12 structure without the private key

Fabian Fagerholm fabbe at paniq.net
Mon Nov 8 20:44:10 CET 2004


Hi!

I've created a PKCS#12 file using gnutls certtool to distribute a
certificate to some clients. However, it seems that certtool includes
both the certificate and the private key in that file. But I absolutely
do not want to distribute the key, only the certificate.

From reading the OpenSSL mailing lists, I've learned that PKCS#12 files
typically include both the certificate and the private key, but that it
isn't strictly necessary. A development version of OpenSSL can generate
PKCS#12 files with either only the certificate or only the key. This
option was not available before, because some programs had trouble
handling such files.

I also read that the certificate might be put into a PKCS#7 structure
and the key in a PKCS#8 structure, but I have no idea if these formats
are supported anywhere. Certtool seems to support PKCS#8 keys, but I
don't know how that is going to help.

Can certtool be used to put only the certificate into a PKCS#12
structure? Or is there another format besides PEM that would allow me to
distribute only the certificate?

Please Cc me on replies, I'm not subscribed to help-gnutls.

Many thanks,
-- 
Fabian Fagerholm <fabbe at paniq.net>